CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34335
https://notcve.org/view.php?id=CVE-2023-34335
AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. An exploitation of this vulnerability may lead to a loss of integrity or denial of service. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-40258 – Weak password hashes for Redfish & API
https://notcve.org/view.php?id=CVE-2022-40258
AMI Megarac Weak password hashes for Redfish & API • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023001.pdf https://security.netapp.com/advisory/ntap-20230731-0008 • CWE-916: Use of Password Hash With Insufficient Computational Effort •