Home/Product/ami megarac sp x
Product

ami megarac sp x

31 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-54085
>= 12 and < 12.7
AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Inte
9.8CRITICAL
 CVE-2023-3043
>= 12 and < 12.7
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network.
9.6CRITICAL
 CVE-2023-37297
>= 12 and < 12.7
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A su
8.3HIGH
 CVE-2023-37296
>= 12 and < 12.7
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack memory corruption via an adjacent network. A s
8.3HIGH
 CVE-2023-37295
>= 12 and < 12.7
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A su
8.3HIGH
 CVE-2023-37294
>= 12 and < 12.7
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A su
8.3HIGH
 CVE-2023-37293
>= 12 and < 12.7
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network.
9.6CRITICAL
 CVE-2023-34333
>= 12 and < 12.7
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference via a local networ
7.8HIGH
 CVE-2023-34332
>= 12 and < 12.7
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference by a local network
7.8HIGH
 CVE-2023-34330
all versions
AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension i
8.2HIGH
 CVE-2023-34329
all versions
AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A s
9.1CRITICAL
 CVE-2023-34473
all versions
AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. A successful exploit of
6.6MEDIUM
 CVE-2023-34472
all versions
AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Heade
5.7MEDIUM
 CVE-2023-34471
all versions
AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message
6.3MEDIUM
 CVE-2023-34338
all versions
AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded cert
7.1HIGH
 CVE-2023-34337
all versions
AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authent
7.6HIGH
 CVE-2023-34343
>= 12.0 and < 12.7
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell co
7.2HIGH
 CVE-2023-34342
>= 12.0 and < 12.7
AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circ
6.0MEDIUM
 CVE-2023-34336
>= 12.0 and < 12.7
AMI BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow,
8.1HIGH
 CVE-2023-34335
>= 12.0 and < 12.7
AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypas
7.7HIGH
 CVE-2023-34334
>= 12.0 and < 12.7
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell co
7.2HIGH
 CVE-2023-34345
>= 12.0 and < 12.7
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, w
6.5MEDIUM
 CVE-2023-34344
>= 12.0 and < 12.7
AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid user
5.3MEDIUM
 CVE-2023-34341
>= 12.0 and < 12.7
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitra
7.2HIGH
 CVE-2023-28863
all versions
AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity.
9.1CRITICAL
 CVE-2023-25192
all versions
AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00.
5.3MEDIUM
 CVE-2023-25191
all versions
AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.0
7.5HIGH
 CVE-2022-26872
all versions
AMI Megarac Password reset interception via API
8.3HIGH
 CVE-2022-40259
all versions
MegaRAC Default Credentials Vulnerability
8.3HIGH
 CVE-2022-40242
all versions
MegaRAC Default Credentials Vulnerability
7.5HIGH
 CVE-2022-2827
all versions
AMI MegaRAC User Enumeration Vulnerability
7.5HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin