CVE-2023-37295

8.3 HIGH

📋 TL;DR

This vulnerability in AMI's SPx BMC allows attackers on adjacent networks to cause heap memory corruption, potentially leading to remote code execution or system compromise. It affects systems using vulnerable AMI SPx BMC firmware versions.

💻 Affected Systems

Products:
  • AMI SPx Baseboard Management Controller (BMC)
Versions: Specific versions not detailed in provided references; consult vendor advisory for exact affected versions.
Operating Systems: BMC firmware, not host OS dependent
Default Config Vulnerable: ⚠️ Yes
Notes: Affects BMC firmware on servers using AMI SPx management controllers. Requires adjacent network access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise via remote code execution, allowing an attacker to gain full control over the BMC and potentially the host system.
🟠 Likely Case: System instability, crashes, or denial of service affecting BMC functionality and potentially the managed server.
🟢 If Mitigated: Limited impact if network segmentation prevents adjacent network access to BMC interfaces.

🌐 Internet-Facing: MEDIUM - Requires adjacent network access, but many BMCs are exposed on management networks that could be compromised.
🏢 Internal Only: HIGH - BMCs are typically on internal management networks where adjacent attacks are feasible.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Heap corruption vulnerabilities typically require specific conditions to achieve reliable exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched firmware versions

Vendor Advisory: https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf

Restart Required: Yes

Instructions:

1. Download the patched firmware from AMI.
2. Follow the vendor's BMC firmware update procedure.
3. Reboot the BMC after the update.
4. Verify the firmware version.

🔧 Temporary Workarounds

  • Network Segmentation (all): Isolate BMC management interfaces to dedicated, restricted networks
  • Access Control Lists (all): Implement strict network ACLs to limit access to BMC interfaces

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate BMC interfaces
  • Monitor BMC network traffic for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check BMC firmware version against vendor advisory; if using AMI SPx BMC, assume vulnerable unless confirmed patched.

Check Version:

ipmitool mc info | grep 'Firmware Revision' (or use vendor-specific BMC management tools)

Verify Fix Applied:

Verify BMC firmware version matches patched version from vendor advisory.
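A scripted form of the version check above, added here as an example (it is not from the advisory or from AMI): it parses the Firmware Revision line of `ipmitool mc info` output and compares it numerically with a minimum fixed revision. The page does not state the patched version, so MIN_FIXED_REV is a placeholder to be replaced with the value from the vendor advisory, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: compare the BMC firmware revision reported by
# `ipmitool mc info` against the fixed revision from the vendor advisory.

# PLACEHOLDER: the page does not state the fixed version. Replace with the
# "fixed in" revision from AMI-SA-2023010 before use.
MIN_FIXED_REV="1.30"

# Constructed sample of `ipmitool mc info` output (not from a real BMC).
SAMPLE_MC_INFO='Device ID                 : 32
Device Revision           : 1
Firmware Revision         : 1.23
IPMI Version              : 2.0
Manufacturer ID           : 47488'

# Print the "major.minor" value of the Firmware Revision line, if present.
fw_revision() {
    printf '%s\n' "$1" |
        awk -F': *' '/^Firmware Revision/ { sub(/[ \t]+$/, "", $2); print $2; exit }'
}

# Exit 0 when revision $1 is at least revision $2. ipmitool prints the minor
# part as two BCD digits ("1.05"), so each part is compared as a number.
rev_at_least() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        if (x[1] + 0 != y[1] + 0) exit (x[1] + 0 > y[1] + 0) ? 0 : 1
        exit (x[2] + 0 >= y[2] + 0) ? 0 : 1
    }'
}

# Exit 0 if the mc info output in $1 shows a revision >= $2 (default
# MIN_FIXED_REV); unparseable output is treated as vulnerable, as the page advises.
check_bmc() {
    rev=$(fw_revision "$1")
    min=${2:-$MIN_FIXED_REV}
    if [ -z "$rev" ]; then
        echo "no Firmware Revision line found; assume vulnerable"
        return 1
    fi
    if rev_at_least "$rev" "$min"; then
        echo "BMC firmware $rev >= $min: fixed"
        return 0
    fi
    echo "BMC firmware $rev < $min: assume vulnerable to CVE-2023-37295"
    return 1
}

# Live use: check_bmc "$(ipmitool mc info)"; offline demonstration on the sample:
check_bmc "$SAMPLE_MC_INFO" || true
```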

📡 Detection & Monitoring

Log Indicators:

  • BMC crash logs
  • Unexpected BMC reboots
  • Memory corruption errors in BMC logs

Network Indicators:

  • Unusual network traffic to BMC management ports
  • Multiple connection attempts to BMC

SIEM Query:

source="bmc_logs" AND ("crash" OR "memory" OR "corruption")
