AMI 安全公告
我们致力于为我们的产品提供最高级别的安全性,我们的 AMI 安全团队随时待命,提供快速响应。
AMI产品安全事件响应团队(PSIRT)能够快速高效地响应任何已发现的漏洞,并通过版本发布、AMI安全公告和其他沟通渠道,为我们的OEM/ODM客户以及整个行业提供修复方案。我们致力于确保产品安全,从发现漏洞到公开披露,全程守护客户。
请阅读AMI首席信息安全官的声明。
AMI发布的安全公告提供针对AMI产品潜在漏洞的修复方案或临时解决方案。AMI持续与客户和合作伙伴携手合作,及时提供更新,以帮助降低安全漏洞风险。
对于有安全建议相关问题的客户,请联系您的 AMI 销售代表。
AMI 安全公告:
如有文档编号和 CVE 编号,请一并提供。
AMI-SA-2025009
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2025-58770 | 7.2 | AMI-SA-2025009 | 12/12/25 | 12/12/25 |
AMI-SA-2025008
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2025-22831 | 5.9 | AMI-SA-2025008 | 10/14/25 | 10/15/25 |
| CVE-2025-22832 | 5.9 | AMI-SA-2025008 | 10/14/25 | 10/15/25 |
| CVE-2025-22833 | 4.6 | AMI-SA-2025008 | 10/14/25 | 10/15/25 |
| CVE-2025-33044 | 5.9 | AMI-SA-2025008 | 10/14/25 | 10/15/25 |
AMI-SA-2025007
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2025-33045 | 8.2 | AMI-SA-2025007 | 09/09/25 | 09/09/25 |
AMI-SA-2025006
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2025-22834 | 4.2 | AMI-SA-2025006 | 08/12/25 | 08/12/25 |
| CVE-2025-22830 | 7.3 | AMI-SA-2025006 | 08/12/25 | 08/12/25 |
AMI-SA-2025005
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2025-33043 | 5.8 | AMI-SA-2025005 | 05/29/25 | 05/29/25 |
AMI-SA-2025004
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2024-42446 | 7.5 | AMI-SA-2025004 | 05/13/25 | 05/13/25 |
AMI-SA-2025003
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2024-54084 | 7.5 | AMI-SA-2025003 | 03/11/25 | 03/13/25 |
| CVE-2024-54085 | 10.0 | AMI-SA-2025003 | 03/11/25 | 03/13/25 |
AMI-SA-2025002
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2024-33659 |
5.7 | AMI-SA-2025002 | 02/11/25 | 02/11/25 |
AMI-SA-2025001
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2024-42444 | 7.5 | AMI-SA-2025001 | 01/14/25 | 01/14/25 |
AMI-SA-2024004
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2024-2315 | 6.8 | AMI-SA-2024004 | 11/12/24 | 11/12/24 |
| CVE-2024-33658 | 4.4 | AMI-SA-2024004 | 11/12/24 | 11/12/24 |
| CVE-2024-33660 | 5.2 | AMI-SA-2024004 | 11/12/24 | 11/12/24 |
| CVE-2024-42442 | 7.2 | AMI-SA-2024004 | 11/12/24 | 11/12/24 |
AMI-SA-2024003
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2024-33657 | 7.8 | AMI-SA-2024003 | 8/19/24 | 8/19/24 |
| CVE-2024-33656 | 7.8 | AMI-SA-2024003 | 8/19/24 | 8/19/24 |
AMI-SA-2024002
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2018-25103 | 2.3 | AMI-SA-2024002 | 4/15/24 | 7/09/24 |
AMI-SA-2024001
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2023-45229 | 6.5 | AMI-SA-2024001 | 1/16/24 | 1/16/24 |
| CVE-2023-45230 | 8.3 | AMI-SA-2024001 | 1/16/24 | 1/16/24 |
| CVE-2023-45231 | 6.5 | AMI-SA-2024001 | 1/16/24 | 1/16/24 |
| CVE-2023-45232 | 7.5 | AMI-SA-2024001 | 1/16/24 | 1/16/24 |
| CVE-2023-45233 | 7.5 | AMI-SA-2024001 | 1/16/24 | 1/16/24 |
| CVE-2023-45234 | 8.3 | AMI-SA-2024001 | 1/16/24 | 1/16/24 |
| CVE-2023-45235 | 8.3 | AMI-SA-2024001 | 1/16/24 | 1/16/24 |
AMI-SA-2023010
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2023-37293 | 9.6 | AMI-SA-2023010 | 1/09/24 | 1/09/24 |
| CVE-2023-37296 | 8.3 | AMI-SA-2023010 | 1/09/24 | 1/09/24 |
| CVE-2023-37297 | 8.3 | AMI-SA-2023010 | 1/09/24 | 1/09/24 |
| CVE-2023-37295 | 8.3 | AMI-SA-2023010 | 1/09/24 | 1/09/24 |
| CVE-2023-37294 | 8.3 | AMI-SA-2023010 | 1/09/24 | 1/09/24 |
| CVE-2023-3043 | 9.6 | AMI-SA-2023010 | 1/09/24 | 1/09/24 |
| CVE-2023-34333 | 7.8 | AMI-SA-2023010 | 1/09/24 | 1/09/24 |
| CVE-2023-34332 | 7.8 | AMI-SA-2023010 | 1/09/24 | 1/09/24 |
AMI-SA-2023009
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2023-39538 | 7.5 | AMI-SA-2023009 | 12/06/23 | 12/06/23 |
| CVE-2023-39539 | 7.5 | AMI-SA-2023009 | 12/06/23 | 12/06/23 |
AMI-SA-2023008
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2023-39535 | 7.5 | AMI-SA-2023008 | 11/14/23 | 11/14/23 |
| CVE-2023-39536 | 7.5 | AMI-SA-2023008 | 11/14/23 | 11/14/23 |
| CVE-2023-39537 | 7.5 | AMI-SA-2023008 | 11/14/23 | 11/14/23 |
AMI-SA-2023007
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2023-34469 | 4.9 | AMI-SA-2023007 | 09/12/23 | 09/25/23 |
| CVE-2023-34470 | 6.8 | AMI-SA-2023007 | 09/12/23 | 09/25/23 |
AMI-SA-2023006
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2023-34472 | 5.7 | AMI-SA-2023006 | 7/05/23 | 7/05/23 |
| CVE-2023-34473 | 6.6 | AMI-SA-2023006 | 7/05/23 | 7/05/23 |
| CVE-2023-34471 | 6.3 | AMI-SA-2023006 | 7/05/23 | 7/05/23 |
| CVE-2023-34337 | 7.6 | AMI-SA-2023006 | 7/05/23 | 7/05/23 |
| CVE-2023-34338 | 7.1 | AMI-SA-2023006 | 7/05/23 | 7/05/23 |
| CVE-2023-34329 | 9.1 | AMI-SA-2023006 | 7/18/23 | 7/18/23 |
| CVE-2023-34330 | 8.2 | AMI-SA-2023006 | 7/18/23 | 7/18/23 |
AMI-SA-2023005
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2023-34344 | 5.3 | AMI-SA-2023005 | 6/12/23 | 6/12/23 |
| CVE-2023-25191 | 7.5 | AMI-SA-2023005 | 6/12/23 | 6/12/23 |
| CVE-2023-34345 | 6.5 | AMI-SA-2023005 | 6/12/23 | 6/12/23 |
| CVE-2023-34341 | 7.2 | AMI-SA-2023005 | 6/12/23 | 6/12/23 |
| CVE-2023-34342 | 6.0 | AMI-SA-2023005 | 6/12/23 | 6/12/23 |
| CVE-2023-34343 | 7.2 | AMI-SA-2023005 | 6/12/23 | 6/12/23 |
| CVE-2023-34334 | 7.2 | AMI-SA-2023005 | 6/12/23 | 6/12/23 |
| CVE-2023-34335 | 7.7 | AMI-SA-2023005 | 6/12/23 | 6/12/23 |
| CVE-2023-34336 | 8.1 | AMI-SA-2023005 | 6/12/23 | 6/12/23 |
AMI-SA-2023004
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2023-29552 | 6.5 | AMI-SA-2023004 | 5/01/23 | 5/01/23 |
AMI-SA-2023003
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2023-28863 | 5.9 | AMI-SA-2023003 | 4/04/23 | 4/04/23 |
AMI-SA-2023002
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2023-25191 | 9.1 | AMI-SA-2023002 | 2/14/23 | 2/14/23 |
| CVE-2023-25192 | 5.3 | AMI-SA-2023002 | 2/14/23 | 2/14/23 |
AMI-SA-2023001
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2022-40258 | 5.3 | AMI-SA-2023001 | 1/30/23 | 2/01/23 |
| CVE-2022-26872 | 8.3 | AMI-SA-2023001 | 1/30/23 | 2/01/23 |
| CVE-2022-40259 | 9.9 | AMI-SA-2023001 | 1/30/23 | 2/01/23 |
| CVE-2022-2827 | 7.5 | AMI-SA-2023001 | 1/30/23 | 2/01/23 |
| CVE-2022-40242 | 9.7 | AMI-SA-2023001 | 1/30/23 | 2/01/23 |
AMI-SA-2022001
| Vulnerabilities | CVSS Score | AMI Security Advisory | Published Date | Last Revised |
| CVE-2021-44769 | 4.9 | AMI-SA-2022001 | 12/20/22 | 12/20/22 |
| CVE-2021-46279 | 5.8 | AMI-SA-2022001 | 12/20/22 | 12/20/22 |
| CVE-2021-45925 | 5.3 | AMI-SA-2022001 | 12/20/22 | 12/20/22 |
| CVE-2021-4228 | 5.8 | AMI-SA-2022001 | 12/20/22 | 12/20/22 |
向 AMI 报告安全问题
请提供尽可能多的信息,包括:
- 受影响的产品和版本。
- 漏洞的详细描述。
- 已知漏洞信息。
Aptio UEFI BIOS 固件
If you have information about a security issue or vulnerability with a BIOS Product from AMI, please send an email to the AMI BIOS Security Team at biossecurity@ami.com. For added security, we recommend using AMI’s provided Encryption Key to encrypt sensitive information before sending. A member of the BIOS Security Team will review your email and contact you to collaborate on resolving the issue.
MegaRAC BMC 固件
如果您掌握有关 AMI MegaRAC 产品安全问题或漏洞的信息,请发送电子邮件至 AMI MegaRAC 安全团队。 megarac.security@ami.com为了提高安全性,我们建议您使用 AMI 提供的加密密钥对敏感信息进行加密后再发送。MegaRAC 安全团队成员将审核您的邮件,并与您联系以共同解决问题。
Tektagon固件
如果您掌握有关 AMI 旗下 Tektagon 产品安全问题或漏洞的信息,请发送电子邮件至 AMI Tektagon 安全团队。tektagonsecurity@ami.com为了提高安全性,我们建议您使用 AMI 提供的加密密钥对敏感信息进行加密后再发送。Tektagon 安全团队成员将审核您的邮件,并与您联系以共同解决问题。
用于安全数据传输的加密密钥
良好的安全实践是只信任 经过验证的加密密钥。不要信任未经验证的加密密钥。同样重要的是,要验证您的 AMI 公钥副本,以确保其合法性。
验证您的 AMI 公钥以确保其合法性。仅信任经过验证的加密密钥是一种良好的安全实践。
AMI 安全团队关键信息
- 用户 ID:AMI 产品安全事件响应团队 biossecurity@ami.com
- 创建时间:2025年4月15日 18:49:27 UTC
- 有效期至:2027年4月15日 18:49:26 UTC
- 类型:2048 位 RSA(提供密钥)
- 用途:签名、加密、认证用户ID
- 指纹:6e88bbdff4440f8e8eaf3750a4addcf1bf83c633
请注意,此加密密钥同时用于 MegaRAC 和 BIOS 安全。但是,请使用上方提供的 AMI 安全团队密钥信息。