CVE-2023-34471— Missing Cryptographic Step

CVSS 6.3 · Medium EPSS 0.08% · P24 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-34471

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Missing Cryptographic Step

Source: NVD (National Vulnerability Database)

Vulnerability Description

AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to the loss confidentiality, integrity, and authentication.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

缺少必要的密码学步骤

Source: NVD (National Vulnerability Database)

Vulnerability Title

AMI MegaRAC 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

AMI MegaRAC是AMI公司的一系列服务处理器产品。可独立于操作系统状态或位置对计算机系统进行完整的带外或无灯光远程管理，以对计算机进行故障排除并确保服务的连续性。 AMI MegaRAC 存在安全漏洞，该漏洞源于允许攻击者通过生成基于哈希的消息身份验证代码(HMAC)导致加密步骤丢失。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
AMI	MegaRAC_SPx	12 ~ 12.2	-

II. Public POCs for CVE-2023-34471

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-34471

请登录查看更多情报信息。

Same Patch Batch · AMI · 2023-07-05 · 5 CVEs total

CVE-2023-34337	7.6 HIGH	Inadequate Encryption Strength
CVE-2023-34338	7.1 HIGH	hard coded cryptographic key
CVE-2023-34473	6.6 MEDIUM	Usage of Hard-coded Credentials
CVE-2023-34472	5.7 MEDIUM	AMI MegaRAC 安全漏洞

IV. Related Vulnerabilities

Same product: MegaRAC_SPx

Same vendor: AMI

Same weakness: CWE-325

V. Comments for CVE-2023-34471

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-34471— Missing Cryptographic Step

I. Basic Information for CVE-2023-34471

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-34471

III. Intelligence Information for CVE-2023-34471

Same Patch Batch · AMI · 2023-07-05 · 5 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-34471

Leave a comment