Megarac Sp-x@12 Security Vulnerabilities and Issues — Megarac Sp-x@12 CVE List

Lucene search

AmiMegarac Sp-x12

14 matches found

CVE•added 2022/12/05 10:15 p.m.•100 views

CVE-2022-40242

MegaRAC Default Credentials Vulnerability

9.8CVSS8.8AI score0.00144EPSS

CVE•added 2022/12/05 10:15 p.m.•99 views

CVE-2022-40259

MegaRAC Default Credentials Vulnerability

9.8CVSS9.3AI score0.00318EPSS

CVE•added 2023/07/18 6:15 p.m.•96 views

CVE-2023-34329

AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability.

9.1CVSS8.1AI score0.0002EPSS

CVE•added 2022/12/05 10:15 p.m.•71 views

CVE-2022-2827

AMI MegaRAC User Enumeration Vulnerability

7.5CVSS7.8AI score0.18046EPSS

CVE•added 2023/04/18 2:15 p.m.•68 views

CVE-2023-28863

AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity.

9.1CVSS9.2AI score0.0018EPSS

CVE•added 2023/02/15 3:15 p.m.•65 views

CVE-2023-25191

AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00.

7.5CVSS7.6AI score0.00232EPSS

CVE•added 2023/07/18 6:15 p.m.•58 views

CVE-2023-34330

AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.

8.8CVSS8.4AI score0.00044EPSS

CVE•added 2023/01/30 4:15 p.m.•54 views

CVE-2022-26872

AMI Megarac Password reset interception via API

8.8CVSS8.7AI score0.00117EPSS

CVE•added 2023/02/15 3:15 p.m.•49 views

CVE-2023-25192

AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00.

5.3CVSS5.4AI score0.00162EPSS

CVE•added 2023/07/05 7:15 p.m.•41 views

CVE-2023-34338

AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.

9.8CVSS7.4AI score0.00186EPSS

CVE•added 2023/07/05 7:15 p.m.•32 views

CVE-2023-34473

AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.

8.8CVSS7AI score0.00123EPSS

CVE•added 2023/07/05 7:15 p.m.•23 views

CVE-2023-34337

AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.

8.8CVSS8AI score0.00116EPSS

CVE•added 2023/07/05 7:15 p.m.•23 views

CVE-2023-34471

AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to the loss confidentiality, integrity, and authentication.

8.1CVSS7AI score0.00062EPSS

CVE•added 2023/07/05 7:15 p.m.•23 views

CVE-2023-34472

AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. A successful exploit of this vulnerability may lead to a loss of integrity.

6.5CVSS6.4AI score0.00203EPSS