MegaRAC SPx12 Vulnerability: Authentication Bypass via HTTP Header Spoofing
CVE-2023-34329

8HIGH

Key Information:

Vendor: Ami
Status: Megarac Spx12
Vendor: CVE Published:; 18 July 2023

What is CVE-2023-34329?

The AMI MegaRAC SPx12 firmware has a vulnerability in its Baseboard Management Controller (BMC) that allows an attacker to bypass authentication mechanisms through HTTP header spoofing. This flaw may lead to significant security risks, including unauthorized access and a compromise of the system's confidentiality, integrity, and availability. It is essential for users to remain vigilant and apply necessary security measures to mitigate potential exploitation of this vulnerability.

Affected Version(s)

MegaRAC_SPx12 12.0 < 12.4

References

https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443...

https://security.netapp.com/advisory/ntap-20230814-0004/

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2023
Vulnerability Reserved
Jun 1, 2023

Credit

Vlad Babkin from Eclypsium Research

Ami

What is CVE-2023-34329?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit