Missing Cryptographic Step

CVE-2023-34471

Medium

6.3/10

Summary

AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to the loss confidentiality, integrity, and authentication.

Attack Complexity: HIGH
Attack Vector: ADJACENT_NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-325 - Missing Cryptographic Step

The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.

References

Advisory Timeline

Published Jul 05, 2023

Missing Cryptographic Step

CVE-2023-34471

Summary

CWE-325 - Missing Cryptographic Step

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS