Inadequate Encryption Strength
CVE-2023-34337

7.6HIGH

Key Information:

Vendor: Ami
Status: Megarac Spx
Vendor: CVE Published:; 5 July 2023

What is CVE-2023-34337?

A vulnerability exists in the BMC of AMI SPx, where the implementation of hash-based message authentication code (HMAC) allows for inadequate encryption strength. If exploited, this flaw may compromise the confidentiality, integrity, and availability of sensitive data, leading to potential data breaches and security incidents.

Affected Version(s)

MegaRAC_SPx ARM 12.0 < 12.2

References

https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 5, 2023
Vulnerability Reserved
Jun 1, 2023

Ami

What is CVE-2023-34337?

Affected Version(s)

References

CVSS V3.1

Timeline