CVE-2023-34334

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.  
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ami:megarac_sp-x:*:*:*:*:*:*:*:*
cpe:2.3:a:ami:megarac_sp-x:*:*:*:*:*:*:*:*

History

20 Jun 2023, 16:30

Type Values Removed Values Added
References (MISC) https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf - (MISC) https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf - Vendor Advisory
First Time Ami
Ami megarac Sp-x
CPE cpe:2.3:a:ami:megarac_sp-x:*:*:*:*:*:*:*:*
CWE CWE-78
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

12 Jun 2023, 18:22

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-12 18:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-34334

Mitre link : CVE-2023-34334

CVE.ORG link : CVE-2023-34334


JSON object : View

Products Affected

ami

  • megarac_sp-x
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')