CVE-2023-34341
CVE-2023-34341
In short
A flaw in AMI BMC's SPX REST API allows privileged attackers to read and write to memory in the IPMI server process, potentially leading to code execution, crashes, or data theft.
Technical detail
CWE-119 vulnerability in SPX REST API permits arbitrary memory read/write within IPMI server process context for authenticated/authorized users; exploitation vector is network-based HTTP requests, with impacts including remote code execution, denial of service, and information disclosure.
Summary generated and translated by AI from the official description.
AMI BMC contains a vulnerability in the SPX REST API, where an
attacker with the required privileges can read and write to arbitrary locations
within the memory context of the IPMI server process, which may lead to code
execution, denial of service, information disclosure, or data tampering.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
AMI · MegaRAC_SPxWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →