Insufficient Verification of Data Authenticity in AMI MegaRAC SPx12 and SPx13 Devices
CVE-2023-28863

9.1CRITICAL

Key Information:

Vendor: Ami
Status: Megarac Sp-x
Vendor: CVE Published:; 18 April 2023

What is CVE-2023-28863?

The AMI MegaRAC SPx12 and SPx13 devices exhibit a vulnerability characterized by insufficient verification of data authenticity. This weakness can allow an attacker to manipulate data sent to or from the device, posing significant risks to system integrity and secure communications. It's crucial for users to ensure their devices are updated and security measures are in place to mitigate potential exploitation of this vulnerability.

References

https://ami.com

https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443...

https://www.kb.cert.org/vuls/id/163057

third-party-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Mar 26, 2023

Ami

What is CVE-2023-28863?

References

CVSS V3.1

Timeline