Vulnerabilities > AMI > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-39535 Unspecified vulnerability in AMI Aptio V
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network.
local
low complexity
ami
7.8
2023-11-14 CVE-2023-39536 Unspecified vulnerability in AMI Aptio V
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network.
local
low complexity
ami
7.8
2023-11-14 CVE-2023-39537 Unspecified vulnerability in AMI Aptio V
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network.
local
low complexity
ami
7.8
2023-09-12 CVE-2023-34470 Unspecified vulnerability in AMI Aptio V
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the local network.
local
low complexity
ami
7.8
2023-07-18 CVE-2023-34329 Authentication Bypass by Spoofing vulnerability in AMI Megarac Sp-X 12/13
AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header.
low complexity
ami CWE-290
8.0
2023-07-18 CVE-2023-34330 Code Injection vulnerability in AMI Megarac Sp-X 12/13
AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface.
network
low complexity
ami CWE-94
8.8
2023-07-05 CVE-2023-34337 Inadequate Encryption Strength vulnerability in AMI Megarac Sp-X 12/13
AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC).
network
low complexity
ami CWE-326
8.8
2023-07-05 CVE-2023-34471 Unspecified vulnerability in AMI Megarac Sp-X 12/13
AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC).
network
low complexity
ami
8.1
2023-07-05 CVE-2023-34473 Use of Hard-coded Credentials vulnerability in AMI Megarac Sp-X 12/13
AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials.
network
low complexity
ami CWE-798
8.8
2023-06-12 CVE-2023-34334 OS Command Injection vulnerability in AMI Megarac Sp-X
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.  
network
low complexity
ami CWE-78
8.8