AMI BMC contains a vulnerability in the SPX REST API, where an
attacker with the required privileges can inject arbitrary shell commands,
which may lead to code execution, denial of service, information disclosure, or
data tampering.
References
Link | Resource |
---|---|
https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Jun 2023, 13:46
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CWE | CWE-78 | |
References | (MISC) https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf - Vendor Advisory | |
First Time |
Ami
Ami megarac Sp-x |
|
CPE | cpe:2.3:a:ami:megarac_sp-x:*:*:*:*:*:*:*:* |
12 Jun 2023, 18:22
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-12 18:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-34343
Mitre link : CVE-2023-34343
CVE.ORG link : CVE-2023-34343
JSON object : View
Products Affected
ami
- megarac_sp-x
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')