Memory Manipulation Vulnerability in AMI BMC SPX REST API
CVE-2023-34341

8.8HIGH

Key Information:

Vendor: AMI
Status: MegaRAC_SPx
Vendor: CVE Published:; 12 June 2023

What is CVE-2023-34341?

The AMI BMC SPX REST API has a vulnerability that allows an attacker with appropriate privileges to read and write arbitrary memory locations within the IPMI server process. This flaw could lead to serious security risks, including unauthorized code execution, denial of service, potential information disclosure, and malicious data tampering.

Affected Version(s)

MegaRAC_SPx ARM 12.0 < 12.7

MegaRAC_SPx ARM 13.0 < 13.5

References

https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2023
Vulnerability Reserved
Jun 1, 2023

Credit

NVIDIA Offensive Security Research (OSR) team