CVE-2023-34472

CVSS 5.7 MEDIUM · EPSS 0.4% · CWE-113 · CWE-93

In short

AMI SPx BMC contains a flaw that allows attackers to inject carriage return and line feed characters into HTTP headers, potentially allowing them to manipulate responses or inject malicious content that users will trust.

Technical detail

The weakness is CWE-113 (Improper Neutralization of CRLF Sequences in HTTP Headers). A low-privileged attacker on an adjacent network (PR:L, AV:A in the CVSS vector) can inject CRLF characters into HTTP response headers via the BMC interface, potentially enabling HTTP response splitting attacks. The vulnerability impacts the integrity of HTTP communications and may allow header injection or cache poisoning, depending on downstream processing.

Summary generated and translated by AI from the official description.
AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. A successful exploit of this vulnerability may lead to a loss of integrity.
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected products
AMI · MegaRAC_SPx
