Code injection via Dynamic Redfish Extension interface
CVE-2023-34330

8.8 HIGH

Key Information:

Vendor: AMI
CVE Published: 18 July 2023

What is CVE-2023-34330?

AMI SPx contains a vulnerability in its Baseboard Management Controller (BMC) that permits code injection via the Dynamic Redfish Extension interface. This flaw enables malicious users to execute unauthorized code, with potentially serious consequences for the confidentiality, integrity, and availability of the system. Organizations using AMI SPx should assess their exposure to this vulnerability and plan appropriate security measures.

Affected Version(s)

MegaRAC_SPx12 12.0 < 12.4

MegaRAC_SPx13 13.0 < 13.2

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
