CVE-2023-34472 - OpenCVE

AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. A successful exploit of this vulnerability may lead to a loss of integrity.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Ami	Megarac Sp-x

Configuration 1 [-]

OR	cpe:2.3:o:ami:megarac_sp-x:12:-::::::
	cpe:2.3:o:ami:megarac_sp-x:13:-::::::

References

Link	Resource
https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023006.pdf	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: AMI

Published: 2023-07-05T18:08:16.990Z

Updated: 2023-07-05T18:08:16.990Z

Reserved: 2023-06-07T03:10:19.974Z

Link: CVE-2023-34472

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-05T19:15:10.017

Modified: 2023-07-12T17:39:18.737

Link: CVE-2023-34472

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-34472", "assignerOrgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6", "state": "PUBLISHED", "assignerShortName": "AMI", "dateReserved": "2023-06-07T03:10:19.974Z", "datePublished": "2023-07-05T18:08:16.990Z", "dateUpdated": "2023-07-05T18:08:16.990Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["ARM"], "product": "MegaRAC_SPx", "vendor": "AMI", "versions": [{"lessThan": "12.7", "status": "affected", "version": "12.0", "versionType": "RC"}, {"lessThan": "13.5", "status": "affected", "version": "13.0", "versionType": "RC"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. A successful exploit of this vulnerability may lead to a loss of integrity.\n\n<br><br>"}], "value": "AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. A successful exploit of this vulnerability may lead to a loss of integrity.\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-105", "descriptions": [{"lang": "en", "value": "CAPEC-105 HTTP Request Splitting"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-113", "description": "CWE-113", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-93", "description": "CWE-93 ", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6", "shortName": "AMI", "dateUpdated": "2023-07-05T18:08:16.990Z"}, "references": [{"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023006.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}