Vulnerabilities > AMI > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-05 | CVE-2023-34338 | Use of Hard-coded Credentials vulnerability in AMI Megarac Sp-X 12/13 AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. | 9.8 |
| 2023-06-12 | CVE-2023-34335 | Missing Authentication for Critical Function vulnerability in AMI Megarac SPX AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. | 9.1 |
| 2023-06-12 | CVE-2023-34342 | Path Traversal vulnerability in AMI Megarac Sp-X AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, or data tampering. | 9.1 |
| 2023-04-18 | CVE-2023-28863 | Insufficient Verification of Data Authenticity vulnerability in AMI Megarac Sp-X 12/13 AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. | 9.1 |
| 2022-12-05 | CVE-2022-40242 | Improper Authentication vulnerability in AMI Megarac Sp-X 12/13 MegaRAC Default Credentials Vulnerability | 9.8 |
| 2022-12-05 | CVE-2022-40259 | Improper Authentication vulnerability in AMI Megarac Sp-X 12/13 MegaRAC Default Credentials Vulnerability | 9.8 |