CVE-2023-34343
CVE-2023-34343
In short
A flaw in AMI BMC's REST API allows someone with access to inject harmful commands that can execute code, crash the system, expose data, or modify files.
Technical detail
CWE-78 command injection vulnerability in SPX REST API allows authenticated/privileged attackers to inject arbitrary shell commands leading to code execution, DoS, information disclosure, and data integrity compromise.
Summary generated and translated by AI from the official description.
AMI BMC contains a vulnerability in the SPX REST API, where an
attacker with the required privileges can inject arbitrary shell commands,
which may lead to code execution, denial of service, information disclosure, or
data tampering.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
AMI · MegaRAC_SPxWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →