CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34332 – Untrusted Pointer Dereference in BMC
https://notcve.org/view.php?id=CVE-2023-34332
09 Jan 2024 — AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference by a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. El SPx de AMI contiene una vulnerabilidad en el BMC donde un atacante puede provocar que una red local elimine la referencia de un puntero que no es de confianza. Una explotación exitosa de esta vulnerabilidad puede conducir a una pérdida de confidencialidad, int... • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39538 – Failure when uploading a Logo image file
https://notcve.org/view.php?id=CVE-2023-39538
06 Dec 2023 — AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. AMI AptioV contiene una vulnerabilidad en BIOS donde un usuario puede provocar una carga sin restricciones de un archivo de logotipo BMP con un tipo peligroso mediante acceso local. Una explotación exitosa de esta vulnerabilidad puede provocar una pérd... • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023009.pdf • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39539 – Failure when uploading a Logo image file
https://notcve.org/view.php?id=CVE-2023-39539
06 Dec 2023 — AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. AMI AptioV contiene una vulnerabilidad en BIOS donde un usuario puede provocar una carga sin restricciones de un archivo de logotipo PNG con un tipo peligroso mediante acceso local. Una explotación exitosa de esta vulnerabilidad puede provocar una pérd... • https://github.com/AdamWen230/CVE-2023-39539-PoC • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39537 – Improper input validation in BIOS TCG2
https://notcve.org/view.php?id=CVE-2023-39537
14 Nov 2023 — AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability. AMI AptioV contiene una vulnerabilidad en el BIOS donde un atacante puede utilizar una validación de entrada incorrecta a través de la red local. Una explotación exitosa de esta vulnerabilidad puede provocar una pérdida de confidencialidad, integridad y disponibilidad. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023008.pdf • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39536 – Improper input validation in BIOS OFBD
https://notcve.org/view.php?id=CVE-2023-39536
14 Nov 2023 — AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability. AMI AptioV contiene una vulnerabilidad en el BIOS donde un atacante puede utilizar una validación de entrada incorrecta a través de la red local. Una explotación exitosa de esta vulnerabilidad puede provocar una pérdida de confidencialidad, integridad y disponibilidad. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023008.pdf • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39535 – Improper input validation in BIOS
https://notcve.org/view.php?id=CVE-2023-39535
14 Nov 2023 — AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability. AMI AptioV contiene una vulnerabilidad en el BIOS donde un atacante puede utilizar una validación de entrada incorrecta a través de la red local. Una explotación exitosa de esta vulnerabilidad puede provocar una pérdida de confidencialidad, integridad y disponibilidad. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023008.pdf • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34470 – Improper access control
https://notcve.org/view.php?id=CVE-2023-34470
12 Sep 2023 — AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability. AMI AptioV contiene una vulnerabilidad en el BIOS donde un atacante puede utilizar un control de acceso inadecuado a través de la red local. Una explotación exitosa de esta vulnerabilidad puede provocar la pérdida de confidencialidad, integridad y disponibilidad. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023007.pdf • CWE-284: Improper Access Control •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34469 – Cold Rest Vulnerabiltiy
https://notcve.org/view.php?id=CVE-2023-34469
12 Sep 2023 — AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the physical network. A successful exploit of this vulnerability may lead to a loss of confidentiality. AMI AptioV contiene una vulnerabilidad en el BIOS donde un atacante puede utilizar un control de acceso inadecuado a través de la red física. Una explotación exitosa de esta vulnerabilidad puede provocar la pérdida de confidencialidad. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023007.pdf • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34330 – Code injection via Dynamic Redfish Extension interface
https://notcve.org/view.php?id=CVE-2023-34330
18 Jul 2023 — AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023006.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34329 – Authentication Bypass via HTTP Header Spoofing
https://notcve.org/view.php?id=CVE-2023-34329
18 Jul 2023 — AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023006.pdf • CWE-290: Authentication Bypass by Spoofing CWE-306: Missing Authentication for Critical Function •