Vulnerabilities > AMI > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2023-07-05 | CVE-2023-34338 | Use of Hard-coded Credentials vulnerability in AMI Megarac Sp-X 12/13 | AMI SPx contains a vulnerability in the BMC where an attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. | network | low | ami | CWE-798 | critical | 9.8 |
| 2023-06-12 | CVE-2023-34335 | Missing Authentication for Critical Function vulnerability in AMI Megarac SPX 12.0/13.0 | AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. | network | low | ami | CWE-306 | critical | 9.1 |
| 2023-06-12 | CVE-2023-34342 | Path Traversal vulnerability in AMI Megarac Sp-X | AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, or data tampering. | network | low | ami | CWE-22 | critical | 9.1 |
| 2023-04-18 | CVE-2023-28863 | Insufficient Verification of Data Authenticity vulnerability in AMI Megarac Sp-X 12/13 | AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. | network | low | ami | CWE-345 | critical | 9.1 |
| 2022-12-05 | CVE-2022-40242 | Improper Authentication vulnerability in AMI Megarac Sp-X 12/13 | MegaRAC Default Credentials Vulnerability | network | low | ami | CWE-287 | critical | 9.8 |
| 2022-12-05 | CVE-2022-40259 | Improper Authentication vulnerability in AMI Megarac Sp-X 12/13 | MegaRAC Default Credentials Vulnerability | network | low | ami | CWE-287 | critical | 9.8 |