Critical Vulnerability Found in AMI BMC Software – Patch Your Systems Now

CVE: CVE-2023-34330
CVSS (v3.1): 8.2
Source: CVE-2023-34330

AMI SPx, which is BMC software used to remotely manage servers, contains a vulnerability that could allow an attacker to inject and execute malicious code.

The vulnerability exists in the Dynamic Redfish Extension interface of the BMC. This interface allows extensions to be dynamically loaded and run. An attacker could potentially craft an extension payload that contains malicious code and inject it via this interface.

If successfully exploited, this could allow the attacker to compromise the confidentiality, integrity and availability of the system. They may be able to access sensitive information, make unauthorized changes or even render the system unavailable.

It has been given a CVSS score of 8.2 out of 10, which means it is considered a highly critical issue. Attackers need only low privileges to exploit it remotely without authentication.

To protect yourself, you should immediately apply the patches released by AMI to fix this vulnerability. Ensure your BMC software is updated to the latest version. Also consider disabling or restricting the Dynamic Redfish Extension interface if it is not required.
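As a way to act on the "ensure your BMC software is updated" step across a fleet, the following added example (not code from AMI or from this advisory) classifies collected Redfish Manager records by firmware version. `ManagerType` and `FirmwareVersion` are standard Redfish Manager properties; the fixed version, hostnames and inventory are constructed placeholders, since the advisory does not name a patched release.

```python
import json
import re

# Constructed placeholder, NOT a real AMI release number: replace it with the
# fixed version named in your vendor's advisory for your platform.
PLACEHOLDER_FIXED_VERSION = "2.0.0"

# Constructed sample of Redfish Manager resources (/redfish/v1/Managers/<id>),
# as an inventory job might collect them from a fleet. Hostnames are made up.
SAMPLE_INVENTORY = json.loads("""
[
  {"host": "bmc-rack1-01.example", "ManagerType": "BMC", "FirmwareVersion": "1.9.3"},
  {"host": "bmc-rack1-02.example", "ManagerType": "BMC", "FirmwareVersion": "2.0.0"},
  {"host": "bmc-rack1-03.example", "ManagerType": "BMC", "FirmwareVersion": "2.1.0-rc1"},
  {"host": "bmc-rack2-01.example", "ManagerType": "BMC", "FirmwareVersion": "custom-build"},
  {"host": "enc-rack2.example", "ManagerType": "EnclosureManager", "FirmwareVersion": "0.5"},
  {"host": "bmc-rack2-02.example", "ManagerType": "BMC"}
]
""")


def parse_version(text):
    """Return the leading dotted-numeric part as a tuple, or None if absent."""
    match = re.match(r"\d+(?:\.\d+)*", text or "")
    return tuple(int(p) for p in match.group().split(".")) if match else None


def classify(manager, fixed=PLACEHOLDER_FIXED_VERSION):
    """Classify one Manager record: skipped, unknown, needs-patch or ok."""
    if manager.get("ManagerType") != "BMC":
        return "skipped"          # not a BMC, outside this advisory's scope
    have, want = parse_version(manager.get("FirmwareVersion")), parse_version(fixed)
    if have is None:
        return "unknown"          # missing/odd version string: review by hand
    # Pad to equal length so "2.0" and "2.0.0" compare as the same release.
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    return "ok" if have >= want else "needs-patch"


def audit(inventory, fixed=PLACEHOLDER_FIXED_VERSION):
    """Map each host to its classification."""
    return {m["host"]: classify(m, fixed) for m in inventory}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{status:12} {host}")
```

Records that come back as `unknown` have a missing or non-numeric version string and need a manual check rather than being assumed patched.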

Taking prompt action will help prevent remote attackers from gaining control of your servers through this critical vulnerability in the AMI BMC software. Contact AMI support if you need assistance patching your systems.
