AMI Security Advisories

Committed to providing the highest level of security in our products, with our AMI Security Team standing by for a rapid response.

AMI’s Product Security Incident Response Team (PSIRT) is equipped to respond quickly and efficiently to any identified vulnerabilities and provide remediations to our OEM/ODM customers, as well as the industry at large, through releases, AMI security advisories, and other communication channels. We are committed to ensuring the security of our products from vulnerability sighting to public disclosure.

Read the statement from AMI’s Chief Information Security Officer.

Security advisories from AMI provide fixes or workarounds for potential vulnerabilities associated with AMI products. AMI continuously works with customers and partners to provide timely updates to help mitigate security vulnerabilities.

For customers who have questions related to security advisories, please contact AMI Sales Representative.

AMI Security Advisories:

Document and CVE #s to be provided when available

AMI-SA-2024003
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2024-33657 7.8 AMI-SA-2024003  8/19/24 8/19/24
CVE-2024-33656 7.8 AMI-SA-2024003  8/19/24 8/19/24

 

AMI-SA-2024002
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2018-25103 2.3 AMI-SA-2024002  4/15/24 7/09/24
AMI-SA-2024001
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2023-45229 6.5 AMI-SA-2024001 1/16/24 1/16/24
CVE-2023-45230  8.3 AMI-SA-2024001 1/16/24 1/16/24
CVE-2023-45231  6.5 AMI-SA-2024001 1/16/24 1/16/24
CVE-2023-45232  7.5 AMI-SA-2024001 1/16/24 1/16/24
CVE-2023-45233  7.5 AMI-SA-2024001 1/16/24 1/16/24
CVE-2023-45234  8.3 AMI-SA-2024001 1/16/24 1/16/24
CVE-2023-45235 8.3 AMI-SA-2024001 1/16/24 1/16/24
AMI-SA-2023010
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2023-37293 9.6 AMI-SA-2023010 1/09/24 1/09/24
CVE-2023-37296 8.3 AMI-SA-2023010 1/09/24 1/09/24
CVE-2023-37297 8.3 AMI-SA-2023010 1/09/24 1/09/24
CVE-2023-37295 8.3 AMI-SA-2023010 1/09/24 1/09/24
CVE-2023-37294 8.3 AMI-SA-2023010 1/09/24 1/09/24
CVE-2023-3043 9.6 AMI-SA-2023010 1/09/24 1/09/24
CVE-2023-34333 7.8 AMI-SA-2023010 1/09/24 1/09/24
CVE-2023-34332 7.8 AMI-SA-2023010 1/09/24 1/09/24
AMI-SA-2023009
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2023-39538 7.5 AMI-SA-2023009 12/06/23 12/06/23
CVE-2023-39539 7.5 AMI-SA-2023009 12/06/23 12/06/23

 

AMI-SA-2023008
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2023-39535 7.5 AMI-SA-2023008 11/14/23 11/14/23
CVE-2023-39536 7.5 AMI-SA-2023008 11/14/23 11/14/23
CVE-2023-39537 7.5 AMI-SA-2023008 11/14/23 11/14/23

 

AMI-SA-2023007
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2023-34469 4.9 AMI-SA-2023007 09/12/23 09/25/23
CVE-2023-34470 6.8 AMI-SA-2023007 09/12/23 09/25/23

 

AMI-SA-2023006
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2023-34472 5.7 AMI-SA-2023006 7/05/23 7/05/23
CVE-2023-34473 6.6 AMI-SA-2023006 7/05/23 7/05/23
CVE-2023-34471 6.3 AMI-SA-2023006 7/05/23 7/05/23
CVE-2023-34337 7.6 AMI-SA-2023006 7/05/23 7/05/23
CVE-2023-34338 7.1 AMI-SA-2023006 7/05/23 7/05/23
CVE-2023-34329 9.1 AMI-SA-2023006 7/18/23 7/18/23
CVE-2023-34330 8.2 AMI-SA-2023006 7/18/23 7/18/23

 

AMI-SA-2023005
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2023-34344 5.3 AMI-SA-2023005 6/12/23 6/12/23
CVE-2023-25191 7.5 AMI-SA-2023005 6/12/23 6/12/23
CVE-2023-34345 6.5 AMI-SA-2023005 6/12/23 6/12/23
CVE-2023-34341 7.2 AMI-SA-2023005 6/12/23 6/12/23
CVE-2023-34342 6.0 AMI-SA-2023005 6/12/23 6/12/23
CVE-2023-34343 7.2 AMI-SA-2023005 6/12/23 6/12/23
CVE-2023-34334 7.2 AMI-SA-2023005 6/12/23 6/12/23
CVE-2023-34335 7.7 AMI-SA-2023005 6/12/23 6/12/23
CVE-2023-34336 8.1 AMI-SA-2023005 6/12/23 6/12/23
AMI-SA-2023004
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2023-29552 6.5 AMI-SA-2023004 5/01/23 5/01/23
AMI-SA-2023003
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2023-28863 5.9 AMI-SA-2023003  4/04/23 4/04/23
AMI-SA-2023002
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2023-25191 9.1 AMI-SA-2023002  2/14/23 2/14/23
CVE-2023-25192 5.3 AMI-SA-2023002  2/14/23 2/14/23
AMI-SA-2023001
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2022-40258 5.3 AMI-SA-2023001 1/30/23 2/01/23
CVE-2022-26872 8.3 AMI-SA-2023001 1/30/23 2/01/23
CVE-2022-40259 9.9 AMI-SA-2023001 1/30/23 2/01/23
CVE-2022-2827 7.5 AMI-SA-2023001 1/30/23 2/01/23
CVE-2022-40242 9.7 AMI-SA-2023001 1/30/23 2/01/23
AMI-SA-2022001
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2021-44769 4.9 AMI-SA-2022001 12/20/22 12/20/22
CVE-2021-46279 5.8 AMI-SA-2022001 12/20/22 12/20/22
CVE-2021-45925 5.3 AMI-SA-2022001 12/20/22 12/20/22
CVE-2021-4228 5.8 AMI-SA-2022001 12/20/22 12/20/22

Report a Security Issue to AMI

Please provide as much information as possible, including:

  • The products and versions affected.
  • A detailed description of the vulnerability.
  • Information on known exploits.
Aptio UEFI BIOS Firmware
If you have information about a security issue or vulnerability with a BIOS Product from AMI, please send an email to the AMI BIOS Security Team at [email protected]. For added security, we recommend using AMI’s provided Encryption Key to encrypt sensitive information before sending. A member of the BIOS Security Team will review your email and contact you to collaborate on resolving the issue.
MegaRAC BMC Firmware
If you have information about a security issue or vulnerability with a MegaRAC Product from AMI, please send an email to the AMI MegaRAC Security Team at [email protected]. For added security, we recommend using AMI’s provided Encryption Key to encrypt sensitive information before sending. A member of the MegaRAC Security Team will review your email and contact you to collaborate on resolving the issue.
Tektagon Firmware
If you have information about a security issue or vulnerability with a Tektagon Product from AMI, please send an email to the AMI Tektagon Security Team at [email protected]. For added security, we recommend using AMI’s provided Encryption Key to encrypt sensitive information before sending. A member of the Tektagon Security Team will review your email and contact you to collaborate on resolving the issue.

Security ArticLes

Encryption Key for Secure Data Transmission

AMI recommends that you encrypt sensitive information to protect it from being viewed by unintended recipients. AMI can exchange emails with you using encryption. AMI highly suggests that you encrypt and decrypt email communications between AMI and yourself using an email client that supports encryption.

It is good security practice that you only trust validated encryption keys. Do not trust encryption keys that have not been validated. It is important to also validate your copy of the AMI public encryption key to ensure it is legitimate.

AMI Security Team Key Information

  • User-ID: AMI Product Security Incident Response Team  [email protected]
  • Created: 12/16/2022 5:52 PM
  • Expires: 12/16/2024 12:00 PM
  • Type: 2048-bit RSA (secret key available)
  • Usage:  Signing, Encryption, Certifying User-IDs
  • Fingerprint: 8AC7EBE6D9FBB2762FBD96605A0C97566041B6BC

Please note that this encryption key is for both the MegaRAC and BIOS security. However, please use the AMI Security Team Key Information as provided above.