CVE-2023-34343: OS Command Injection
First published: Mon Jun 12 2023(Updated: )
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.
Credit: biossecurity@ami.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ami Megarac Sp-x | >=12.0<12.7 | |
| Ami Megarac Sp-x | >=13.0<13.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this AMI BMC vulnerability?
The vulnerability ID for this AMI BMC vulnerability is CVE-2023-34343.
What is the severity rating of CVE-2023-34343?
CVE-2023-34343 has a severity rating of 8.8, which is considered high.
What is the affected software for CVE-2023-34343?
The affected software for CVE-2023-34343 is Ami Megarac Sp-x version 12.0 to 12.7 and version 13.0 to 13.5.
How can an attacker exploit CVE-2023-34343?
An attacker with the required privileges can exploit CVE-2023-34343 by injecting arbitrary shell commands through the SPX REST API.
Are there any references available for CVE-2023-34343?
Yes, you can find more information about CVE-2023-34343 in the following reference: [https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf](https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf)
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- vendor/ami
- canonical/ami megarac sp-x
- version/ami megarac sp-x/12.0
- version/ami megarac sp-x/13.0