CVE-2023-34334 HIGH

CVE-2023-34334

Vendor Ami

Product MegaRAC_SPx

Weakness CWE-78

Published June 12, 2023

Last update January 3, 2025

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.

Key dates

02Disclosure timeline

June 12, 2023 CVE published

January 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-34334 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2023-34334

CWE CWE-78

CVSS 7.2 / HIGH

Affected versions

Vendor Ami

Product MegaRAC_SPx

Affected ≥ 12.0 and < 12.7

Vendor Ami

Product MegaRAC_SPx

Affected ≥ 13.0 and < 13.5

CVE-2023-34334

01Description

02Disclosure timeline

03References

04Related CVE