CVE-2023-34334

AMI BMC contains a vulnerability in the SPX REST API, where an
attacker with the required privileges can inject arbitrary shell commands,
which may lead to code execution, denial of service, information disclosure, or
data tampering.

 
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
AMICNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
amimegarac_sp-x
12.0 ≤
𝑥
< 12.7
amimegarac_sp-x
13.0 ≤
𝑥
< 13.5
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
amimegarac_spx
12.0 ≤
𝑥
< 12.7
CNA
amimegarac_spx
13.0 ≤
𝑥
< 13.5
CNA
Common Weakness Enumeration
References
https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf
https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf