Shodan
Vulnerabilities
Vulnerable Software
Ami:  >> Megarac Sp-X  >> 12  Security Vulnerabilities
CVE-2023-34330
AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.
CVSS Score
8.2
EPSS Score
0.0
Published
2023-07-18
CVE-2023-34472
AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. A successful exploit of this vulnerability may lead to a loss of integrity.
CVSS Score
5.7
EPSS Score
0.002
Published
2023-07-05
CVE-2023-34473
AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.
CVSS Score
6.6
EPSS Score
0.001
Published
2023-07-05
CVE-2023-34337
AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.
CVSS Score
7.6
EPSS Score
0.001
Published
2023-07-05
CVE-2023-34338
AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. 
CVSS Score
7.1
EPSS Score
0.002
Published
2023-07-05
CVE-2023-34471
AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to the loss confidentiality, integrity, and authentication.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-07-05
CVE-2023-28863
AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity.
CVSS Score
9.1
EPSS Score
0.002
Published
2023-04-18
CVE-2023-25191
AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-02-15
CVE-2023-25192
AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-02-15
CVE-2022-26872
AMI Megarac Password reset interception via API
CVSS Score
8.3
EPSS Score
0.001
Published
2023-01-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved