CVE-2023-34343

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ami:megarac_sp-x:*:*:*:*:*:*:*:*
cpe:2.3:a:ami:megarac_sp-x:*:*:*:*:*:*:*:*

History

20 Jun 2023, 13:46

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CWE CWE-78
References (MISC) https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf - (MISC) https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf - Vendor Advisory
First Time Ami
Ami megarac Sp-x
CPE cpe:2.3:a:ami:megarac_sp-x:*:*:*:*:*:*:*:*

12 Jun 2023, 18:22

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-12 18:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-34343

Mitre link : CVE-2023-34343

CVE.ORG link : CVE-2023-34343


JSON object : View

Products Affected

ami

  • megarac_sp-x
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')