Vlad Babkin

**Name of the Vulnerable Software and Affected Versions** AMI MegaRAC SPx12 (affected versions not specified) **Description** The issue allows a user to bypass authentication by spoofing the HTTP header, potentially leading to loss of confidentiality, integrity, and availability. This is achieved by exploiting a vulnerability in the BMC of the affected system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MegaRAC (affected versions not specified) **Description** The issue is related to errors in code generation in the AMI MegaRAC Redfish API interface, which can be exploited by a remote attacker to execute arbitrary code by sending a specially crafted HTTP request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AMI MegaRAC Baseboard Management Controller (BMC) (affected versions not specified) **Description** The issue is related to the use of hardcoded credentials in the AMI MegaRAC Baseboard Management Controller (BMC) firmware. An attacker can exploit this to gain full access to the device remotely via SSH. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AMI MegaRAC (affected versions not specified) **Description** The issue is related to insufficient protection of service data in the implementation of the application programming interface of the AMI MegaRAC firmware controllers for remote management. Exploitation of this issue may allow a remote attacker to gain unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.