Buffer Overflow Vulnerability in AMI BMC IPMI Handler
CVE-2023-34336

8.8HIGH

Key Information:

Vendor: AMI
Status: MegaRAC_SPx
Vendor: CVE Published:; 12 June 2023

What is CVE-2023-34336?

The AMI BMC product contains a vulnerability in its IPMI handler that can be exploited by an attacker with sufficient privileges. This flaw allows for a potential buffer overflow, which could lead to unauthorized code execution, denial of service conditions, or the possibility of privilege escalation. Proper remediation is crucial to mitigate the risks associated with this vulnerability.

Affected Version(s)

MegaRAC_SPx ARM 13.0 < 13.5

MegaRAC_SPx ARM 12.0 < 12.7

References

https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 12, 2023
Vulnerability Reserved
Jun 1, 2023

Credit

NVIDIA Offensive Security Research (OSR) team

JSON