VYPR

MegaRAC

by Ami

CVEs (32)

  • CVE-2024-54085CriKEVMar 11, 2025
    risk 0.81cvss 9.8epss 0.61

    AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

  • CVE-2023-3043CriJan 9, 2024
    risk 0.62cvss 9.6epss 0.00

    AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. …

  • CVE-2023-37293CriJan 9, 2024
    risk 0.62cvss 9.6epss 0.00

    AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

  • CVE-2023-34329CriJul 18, 2023
    risk 0.59cvss 9.1epss 0.01

    AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability.

  • CVE-2023-28863CriApr 18, 2023
    risk 0.59cvss 9.1epss 0.00

    AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity.

  • CVE-2023-37297HigJan 9, 2024
    risk 0.54cvss 8.3epss 0.00

    AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

  • CVE-2023-37296HigJan 9, 2024
    risk 0.54cvss 8.3epss 0.00

    AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

  • CVE-2023-37295HigJan 9, 2024
    risk 0.54cvss 8.3epss 0.00

    AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. …

  • CVE-2023-37294HigJan 9, 2024
    risk 0.54cvss 8.3epss 0.00

    AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. …

  • CVE-2022-26872HigJan 30, 2023
    risk 0.54cvss 8.3epss 0.01

    AMI Megarac Password reset interception via API

  • CVE-2022-40259HigDec 5, 2022
    risk 0.54cvss 8.3epss 0.01

    MegaRAC Default Credentials Vulnerability

  • CVE-2023-34330HigJul 18, 2023
    risk 0.53cvss 8.2epss 0.01

    AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.

  • CVE-2023-34336HigJun 12, 2023
    risk 0.53cvss 8.1epss 0.01

    AMI BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to code execution, denial of service, or escalation of privileges.  

  • CVE-2023-34333HigJan 9, 2024
    risk 0.51cvss 7.8epss 0.00

    AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference via a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. …

  • CVE-2023-34332HigJan 9, 2024
    risk 0.51cvss 7.8epss 0.00

    AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference by a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. …

  • CVE-2023-34335HigJun 12, 2023
    risk 0.50cvss 7.7epss 0.00

    AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. An exploitation of this vulnerability may lead to a loss of integrity or denial of service.  

  • CVE-2023-34337HigJul 5, 2023
    risk 0.49cvss 7.6epss 0.00

    AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.

  • CVE-2023-25191HigFeb 15, 2023
    risk 0.49cvss 7.5epss 0.01

    AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00.

  • CVE-2022-40242HigDec 5, 2022
    risk 0.49cvss 7.5epss 0.01

    MegaRAC Default Credentials Vulnerability

  • CVE-2022-2827HigDec 5, 2022
    risk 0.49cvss 7.5epss 0.02

    AMI MegaRAC User Enumeration Vulnerability

Page 1 of 2