CVE-2022-40242

MegaRAC Default Credentials Vulnerability

CVE-2022-40259

MegaRAC Default Credentials Vulnerability

CVE-2023-34329

AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability.

CVE-2023-28863

AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity.

CVE-2023-3043

AMI’s SPx containsa vulnerability in the BMC where an Attacker maycause a stack-based buffer overflow via an adjacent network. A successful exploitationof this vulnerability may lead to a loss of confidentiality, integrity, and/oravailability.

CVE-2023-34338

AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.

CVE-2023-37293

AMI’s SPx containsa vulnerability in the BMC where an Attacker may cause astack-based buffer overflow via an adjacent network. A successful exploitationof this vulnerability may lead to a loss of confidentiality, integrity, and/oravailability.

CVE-2023-34342

AMI BMC contains a vulnerability in the IPMI handler, where anattacker can upload and download arbitrary files under certain circumstances,which may lead to denial of service, escalation of privileges, informationdisclosure, or data tampering.