AMI — Vulnerabilities & Security Advisories 60

Browse all 60 CVE security advisories affecting AMI. AI-powered Chinese analysis, POCs, and references for each vulnerability.

AMI, formerly American Megatrends, primarily develops BIOS firmware and embedded software for enterprise servers, workstations, and IoT devices. Its extensive codebase has historically exposed numerous security flaws, resulting in approximately 60 recorded Common Vulnerabilities and Exposures. These defects predominantly involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation or improper access controls within the firmware interfaces. Notable incidents include critical flaws allowing attackers to bypass authentication mechanisms or execute arbitrary commands with elevated privileges, potentially compromising system integrity. The company has addressed many of these issues through firmware updates, yet the complexity of legacy systems continues to pose risks. Security researchers frequently highlight the importance of regular patching and secure configuration practices to mitigate these persistent threats associated with AMI’s widely deployed infrastructure components.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-39537 | Improper input validation in BIOS TCG2 | AptioV | CWE-20 | 7.5 | High | 2023-11-14 |
| CVE-2023-39536 | Improper input validation in BIOS OFBD | AptioV | CWE-20 | 7.5 | High | 2023-11-14 |
| CVE-2023-39535 | Improper input validation in BIOS | AptioV | CWE-20 | 7.5 | High | 2023-11-14 |
| CVE-2023-34470 | Improper access control | AptioV | CWE-284 | 6.8 | Medium | 2023-09-12 |
| CVE-2023-34469 | Cold Rest Vulnerability | AptioV | CWE-284 | 4.9 | Medium | 2023-09-12 |
| CVE-2023-34330 | Code injection via Dynamic Redfish Extension interface | MegaRAC_SPx12 | CWE-94 | 8.2 | High | 2023-07-18 |
| CVE-2023-34329 | Authentication Bypass via HTTP Header Spoofing | MegaRAC_SPx12 | CWE-306 | 8.4 | High | 2023-07-18 |
| CVE-2023-34473 | Usage of Hard-coded Credentials | MegaRAC_SPx | CWE-798 | 6.6 | Medium | 2023-07-05 |
| CVE-2023-34472 | AMI MegaRAC security vulnerability | MegaRAC_SPx | CWE-113 | 5.7 | Medium | 2023-07-05 |
| CVE-2023-34471 | Missing Cryptographic Step | MegaRAC_SPx | CWE-325 | 6.3 | Medium | 2023-07-05 |
| CVE-2023-34338 | hard coded cryptographic key | MegaRAC_SPx | CWE-321 | 7.1 | High | 2023-07-05 |
| CVE-2023-34337 | Inadequate Encryption Strength | MegaRAC_SPx | CWE-326 | 7.6 | High | 2023-07-05 |
| CVE-2023-34336 | BMC AMI security vulnerability | MegaRAC_SPx | CWE-120 | 8.1 | High | 2023-06-12 |
| CVE-2023-34335 | BMC AMI access control error vulnerability | MegaRAC_SPx | CWE-288 | 7.7 | High | 2023-06-12 |
| CVE-2023-34334 | BMC AMI OS command injection vulnerability | MegaRAC_SPx | CWE-78 | 7.2 | High | 2023-06-12 |
| CVE-2023-34343 | BMC AMI OS command injection vulnerability | MegaRAC_SPx | CWE-78 | 7.2 | High | 2023-06-12 |
| CVE-2023-34342 | BMC AMI path traversal vulnerability | MegaRAC_SPx | CWE-22 | 6.0 | Medium | 2023-06-12 |
| CVE-2023-34341 | BMC AMI buffer error vulnerability | MegaRAC_SPx | CWE-119 | 7.2 | High | 2023-06-12 |
| CVE-2023-34345 | BMC AMI path traversal vulnerability | MegaRAC_SPx | CWE-22 | 6.5 | Medium | 2023-06-12 |
| CVE-2023-34344 | A vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username | MegaRAC_SPx | CWE-203 | 5.3 | Medium | 2023-06-12 |
| CVE-2022-40258 | Weak password hashes for Redfish & API | MegaRAC SPx-12 | CWE-916 | 5.3 | Medium | 2023-01-31 |
| CVE-2022-26872 | Password reset interception via API | MegaRAC SPx-12 | CWE-640 | 8.3 | High | 2023-01-30 |
| CVE-2022-2827 | AMI MegaRAC User Enumeration Vulnerability | MegaRAC SPx12 | CWE-200 | 7.5 | High | 2022-12-05 |
| CVE-2022-40259 | MegaRAC Default Credentials Vulnerability | MegaRAC SPx12 | CWE-798 | 8.3 | High | 2022-12-05 |
| CVE-2022-40242 | MegaRAC Default Credentials Vulnerability | MegaRAC SPx12 | CWE-798 | 7.5 | High | 2022-12-05 |
| CVE-2022-40262 | The arbitrary write vulnerability in S3Resume2Pei leads to arbitrary code execution during PEI phase. | Aptio | CWE-123 | 8.2 | - | 2022-09-20 |
| CVE-2022-40261 | SMM memory corruption vulnerability in OverClockSmiHandler SMM driver | Aptio | CWE-120 | 8.2 | - | 2022-09-20 |
| CVE-2022-40250 | Stack overflow vulnerability in SMI handler on SmmSmbiosElog. | Aptio | CWE-121 | 8.2 | - | 2022-09-20 |
| CVE-2022-40246 | Arbitrary write vulnerability in SbPei module leads to arbitrary code execution during PEI phase. | Aptio | CWE-123 | 8.2 | - | 2022-09-20 |
| CVE-2022-26873 | The stack buffer overflow vulnerability in PlatformInitAdvancedPreMem leads to arbitrary code execution during PEI phase. | Aptio | CWE-121 | 8.2 | - | 2022-09-20 |

This page lists every published CVE security advisory associated with AMI. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.