CVE-2023-34334
In short
A vulnerability in the SPX REST API of AMI BMC allows an attacker who already holds the required privileges to run arbitrary shell commands on the system, potentially leading to data theft, system crashes, or unauthorized changes.
Technical detail
CWE-78 (OS Command Injection) in the SPX REST API permits authenticated attackers to inject shell metacharacters into API parameters, achieving arbitrary command execution with the privileges of the BMC process. Exploitation requires valid credentials and access to the REST API endpoint.
Summary generated and translated by AI from the official description.
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
AMI · MegaRAC_SPx