CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34333 – Untrusted Pointer Dereference
https://notcve.org/view.php?id=CVE-2023-34333
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference via a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. El SPx de AMI contiene una vulnerabilidad en el BMC donde un atacante puede provocar que un puntero que no es de confianza elimine la referencia a través de una red local. Una explotación exitosa de esta vulnerabilidad puede conducir a una pérdida de confidencialidad, integridad y/o disponibilidad. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-3043 – Stack-based Buffer Overflow BMC
https://notcve.org/view.php?id=CVE-2023-3043
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. El SPx de AMI contiene una vulnerabilidad en el BMC donde un atacante puede provocar un desbordamiento de búfer en la región stack de la memoria a través de una red adyacente. Una explotación exitosa de esta vulnerabilidad puede conducir a una pérdida de confidencialidad, integridad y/o disponibilidad. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34332 – Untrusted Pointer Dereference in BMC
https://notcve.org/view.php?id=CVE-2023-34332
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference by a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. El SPx de AMI contiene una vulnerabilidad en el BMC donde un atacante puede provocar que una red local elimine la referencia de un puntero que no es de confianza. Una explotación exitosa de esta vulnerabilidad puede conducir a una pérdida de confidencialidad, integridad y/o disponibilidad. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34330 – Code injection via Dynamic Redfish Extension interface
https://notcve.org/view.php?id=CVE-2023-34330
AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023006.pdf https://security.netapp.com/advisory/ntap-20230814-0004 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34329 – Authentication Bypass via HTTP Header Spoofing
https://notcve.org/view.php?id=CVE-2023-34329
AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023006.pdf https://security.netapp.com/advisory/ntap-20230814-0004 • CWE-290: Authentication Bypass by Spoofing CWE-306: Missing Authentication for Critical Function •