CVE-2023-34342
CVE-2023-34342
In short
A vulnerability in AMI BMC's IPMI handler allows attackers to upload and download files arbitrarily under certain conditions, potentially causing system denial of service, privilege escalation, information theft, or data corruption.
Technical detail
CWE-22 path traversal vulnerability in AMI BMC's IPMI handler permits arbitrary file upload/download operations under specific preconditions, enabling denial of service, privilege escalation, unauthorized information disclosure, and data integrity compromise. Attack vector requires access to the IPMI interface.
Summary generated and translated by AI from the official description.
AMI BMC contains a vulnerability in the IPMI handler, where an
attacker can upload and download arbitrary files under certain circumstances,
which may lead to denial of service, escalation of privileges, information
disclosure, or data tampering.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Affected products
AMI · MegaRAC_SPxWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →