Skip to main content

Megarac Sp X CVE-2023-37293

CRITICAL
Stack-based Buffer Overflow (CWE-121)
2024-01-09 biossecurity@ami.com
9.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.6 CRITICAL
AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:34 vuln.today
CVE Published
Jan 09, 2024 - 23:15 nvd
CRITICAL 9.6

DescriptionCVE.org

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

AnalysisAI

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-121. AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. Affected products include: Ami Megarac Sp-X.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-34338 CRITICAL
9.8 Jul 05

AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-

CVE-2022-40259 CRITICAL
9.8 Dec 05

MegaRAC Default Credentials Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitabl

CVE-2022-40242 CRITICAL
9.8 Dec 05

MegaRAC Default Credentials Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitabl

CVE-2023-3043 CRITICAL
9.6 Jan 09

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent

CVE-2023-34342 CRITICAL
9.1 Jun 12

AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under ce

CVE-2023-28863 CRITICAL
9.1 Apr 18

AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. Rated critical severity (CVSS 9

CVE-2023-34330 HIGH
8.8 Jul 18

AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish E

CVE-2023-34473 HIGH
8.8 Jul 05

AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. Rated high sev

CVE-2023-34337 HIGH
8.8 Jul 05

AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based messa

CVE-2023-34343 HIGH
8.8 Jun 12

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrar

CVE-2023-34336 HIGH
8.8 Jun 12

AMI BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer

CVE-2023-34334 HIGH
8.8 Jun 12

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrar

Share

CVE-2023-37293 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy