AMI BMC contains a vulnerability in the SPX REST API, where an
attacker with the required privileges can inject arbitrary shell commands,
which may lead to code execution, denial of service, information disclosure, or
data tampering.
References
Link | Resource |
---|---|
https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Jun 2023, 16:30
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf - Vendor Advisory | |
First Time |
Ami
Ami megarac Sp-x |
|
CPE | cpe:2.3:a:ami:megarac_sp-x:*:*:*:*:*:*:*:* | |
CWE | CWE-78 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
12 Jun 2023, 18:22
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-12 18:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-34334
Mitre link : CVE-2023-34334
CVE.ORG link : CVE-2023-34334
JSON object : View
Products Affected
ami
- megarac_sp-x
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')