Arbitrary File Upload Vulnerability in AMI BMC Software
CVE-2023-34342
9.1CRITICAL
What is CVE-2023-34342?
The AMI BMC software is susceptible to an arbitrary file upload vulnerability within its IPMI handler. This flaw permits an attacker to upload and download arbitrary files under specific conditions. Consequently, this could result in various security risks, including denial of service, privilege escalation, unauthorized information disclosure, and potential data tampering, posing significant threats to system integrity and data security.
Affected Version(s)
MegaRAC_SPx ARM 12.0 < 12.7
MegaRAC_SPx ARM 13.0 < 13.5
References
CVSS V3.1
Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
NVIDIA Offensive Security Research (OSR) team