Improper Neutralization of CRLF Sequences in AMI SPx BMC
CVE-2023-34472

5.7MEDIUM

Key Information:

Vendor: Ami
Status: Megarac Spx
Vendor: CVE Published:; 5 July 2023

What is CVE-2023-34472?

AMI SPx BMC is susceptible to a security vulnerability that allows an attacker to manipulate HTTP headers through improper neutralization of CRLF sequences. This exploitation may compromise the integrity of data and security, potentially impacting applications and services relying on the BMC. Organizations using the affected versions should apply available patches immediately to safeguard against potential attacks.

Affected Version(s)

MegaRAC_SPx ARM 12.0 < 12.7

MegaRAC_SPx ARM 13.0 < 13.5

References

https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 5, 2023
Vulnerability Reserved
Jun 7, 2023

Ami

What is CVE-2023-34472?

Affected Version(s)

References

CVSS V3.1

Timeline