Vulnerabilities > AMI > Megarac SP X > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-07-05 CVE-2023-34338 Use of Hard-coded Credentials vulnerability in AMI Megarac Sp-X 12/13
AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate.
network
low complexity
ami CWE-798
critical
 9.8
9.8
2023-06-12 CVE-2023-34342 Path Traversal vulnerability in AMI Megarac Sp-X
AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, or data tampering.
network
low complexity
ami CWE-22
critical
 9.1
9.1
2023-04-18 CVE-2023-28863 Insufficient Verification of Data Authenticity vulnerability in AMI Megarac Sp-X 12/13
AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity.
network
low complexity
ami CWE-345
critical
 9.1
9.1
2022-12-05 CVE-2022-40259 Improper Authentication vulnerability in AMI Megarac Sp-X 12/13
MegaRAC Default Credentials Vulnerability
network
low complexity
ami CWE-287
critical
 9.8
9.8
2022-12-05 CVE-2022-40242 Improper Authentication vulnerability in AMI Megarac Sp-X 12/13
MegaRAC Default Credentials Vulnerability
network
low complexity
ami CWE-287
critical
 9.8
9.8