AMI BMC contains a vulnerability in the SPX REST API, where an
attacker with the required privileges can inject arbitrary shell commands,
which may lead to code execution, denial of service, information disclosure, or
data tampering.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:07
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
References | () https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf - Vendor Advisory |
20 Jun 2023, 13:46
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-78 | |
References | (MISC) https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf - Vendor Advisory | |
CPE | cpe:2.3:a:ami:megarac_sp-x:*:*:*:*:*:*:*:* | |
First Time |
Ami
Ami megarac Sp-x |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
12 Jun 2023, 18:22
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-12 18:15
Updated : 2024-11-21 08:07
NVD link : CVE-2023-34343
Mitre link : CVE-2023-34343
CVE.ORG link : CVE-2023-34343
JSON object : View
Products Affected
ami
- megarac_sp-x
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')