CVE-2023-34345
In short
AMI BMC's SPX REST API allows an attacker with proper access credentials to read any file on the system, potentially exposing sensitive information like passwords or configuration details.
Technical detail
The SPX REST API in AMI BMC fails to properly validate file paths, enabling path traversal (CWE-22) attacks. An authenticated attacker can bypass directory restrictions to access arbitrary files, resulting in unauthorized information disclosure.
Summary generated and translated by AI from the official description.
AMI BMC contains a vulnerability in the SPX REST API, where an
attacker with the required privileges can access arbitrary files, which may
lead to information disclosure.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
AMI · MegaRAC_SPx