CVE-2022-40258

AMI Megarac Weak password hashes for Redfish & API

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023001.pdf	Vendor Advisory
https://security.netapp.com/advisory/ntap-20230731-0008/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:ami:megarac_spx-12::::::::
	cpe:2.3:o:ami:megarac_spx-13::::::::

History

31 Jul 2023, 19:15

Type	Values Removed	Values Added
References		(MISC) https://security.netapp.com/advisory/ntap-20230731-0008/ -
Summary	~~AMI Megarac Weak password hashes for Redfish & API~~	AMI Megarac Weak password hashes for Redfish & API

07 Feb 2023, 15:45

Type	Values Removed	Values Added
CWE		CWE-916
References	~~(MISC) https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023001.pdf -~~	(MISC) https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023001.pdf - Vendor Advisory
CPE		cpe:2.3:o:ami:megarac_spx-13:::::::: cpe:2.3:o:ami:megarac_spx-12::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
First Time		Ami megarac Spx-12 Ami Ami megarac Spx-13

31 Jan 2023, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-01-31 01:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-40258

Mitre link : CVE-2022-40258

CVE.ORG link : CVE-2022-40258

JSON object : View

Products Affected

ami

megarac_spx-12
megarac_spx-13

CWE

CWE-916

Use of Password Hash With Insufficient Computational Effort

5.3 /10