AMI 安全公告

我们致力于为我们的产品提供最高级别的安全性,我们的 AMI 安全团队随时待命,提供快速响应。

AMI产品安全事件响应团队(PSIRT)能够快速高效地响应任何已发现的漏洞,并通过版本发布、AMI安全公告和其他沟通渠道,为我们的OEM/ODM客户以及整个行业提供修复方案。我们致力于确保产品安全,从发现漏洞到公开披露,全程守护客户。

请阅读AMI首席信息安全官的声明。

AMI发布的安全公告提供针对AMI产品潜在漏洞的修复方案或临时解决方案。AMI持续与客户和合作伙伴携手合作,及时提供更新,以帮助降低安全漏洞风险。

对于有安全建议相关问题的客户,请联系您的 AMI 销售代表。

AMI 安全公告:

如有文档编号和 CVE 编号,请一并提供。

AMI-SA-2025009
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2025-58770 7.2 AMI-SA-2025009 12/12/25 12/12/25

 

AMI-SA-2025008
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2025-22831 5.9 AMI-SA-2025008 10/14/25 10/15/25
CVE-2025-22832 5.9 AMI-SA-2025008 10/14/25 10/15/25
CVE-2025-22833 4.6 AMI-SA-2025008 10/14/25 10/15/25
CVE-2025-33044 5.9 AMI-SA-2025008 10/14/25 10/15/25

 

AMI-SA-2025007
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2025-33045 8.2 AMI-SA-2025007 09/09/25 09/09/25

 

AMI-SA-2025006
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2025-22834 4.2 AMI-SA-2025006 08/12/25 08/12/25
CVE-2025-22830 7.3 AMI-SA-2025006 08/12/25 08/12/25

 

AMI-SA-2025005
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2025-33043 5.8 AMI-SA-2025005 05/29/25 05/29/25

 

AMI-SA-2025004
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2024-42446 7.5 AMI-SA-2025004 05/13/25 05/13/25

 

AMI-SA-2025003
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2024-54084 7.5 AMI-SA-2025003 03/11/25 03/13/25
CVE-2024-54085 10.0 AMI-SA-2025003 03/11/25 03/13/25

 

AMI-SA-2025002
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2024-33659
5.7 AMI-SA-2025002  02/11/25 02/11/25

 

AMI-SA-2025001
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2024-42444 7.5 AMI-SA-2025001  01/14/25 01/14/25

 

AMI-SA-2024004
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2024-2315 6.8 AMI-SA-2024004  11/12/24 11/12/24
CVE-2024-33658 4.4 AMI-SA-2024004  11/12/24 11/12/24
CVE-2024-33660 5.2 AMI-SA-2024004  11/12/24 11/12/24
CVE-2024-42442 7.2 AMI-SA-2024004   11/12/24 11/12/24

 

AMI-SA-2024003
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2024-33657 7.8 AMI-SA-2024003  8/19/24 8/19/24
CVE-2024-33656 7.8 AMI-SA-2024003  8/19/24 8/19/24

 

AMI-SA-2024002
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2018-25103 2.3 AMI-SA-2024002  4/15/24 7/09/24
AMI-SA-2024001
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2023-45229 6.5 AMI-SA-2024001 1/16/24 1/16/24
CVE-2023-45230  8.3 AMI-SA-2024001 1/16/24 1/16/24
CVE-2023-45231  6.5 AMI-SA-2024001 1/16/24 1/16/24
CVE-2023-45232  7.5 AMI-SA-2024001 1/16/24 1/16/24
CVE-2023-45233  7.5 AMI-SA-2024001 1/16/24 1/16/24
CVE-2023-45234  8.3 AMI-SA-2024001 1/16/24 1/16/24
CVE-2023-45235 8.3 AMI-SA-2024001 1/16/24 1/16/24
AMI-SA-2023010
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2023-37293 9.6 AMI-SA-2023010 1/09/24 1/09/24
CVE-2023-37296 8.3 AMI-SA-2023010 1/09/24 1/09/24
CVE-2023-37297 8.3 AMI-SA-2023010 1/09/24 1/09/24
CVE-2023-37295 8.3 AMI-SA-2023010 1/09/24 1/09/24
CVE-2023-37294 8.3 AMI-SA-2023010 1/09/24 1/09/24
CVE-2023-3043 9.6 AMI-SA-2023010 1/09/24 1/09/24
CVE-2023-34333 7.8 AMI-SA-2023010 1/09/24 1/09/24
CVE-2023-34332 7.8 AMI-SA-2023010 1/09/24 1/09/24
AMI-SA-2023009
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2023-39538 7.5 AMI-SA-2023009 12/06/23 12/06/23
CVE-2023-39539 7.5 AMI-SA-2023009 12/06/23 12/06/23

 

AMI-SA-2023008
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2023-39535 7.5 AMI-SA-2023008 11/14/23 11/14/23
CVE-2023-39536 7.5 AMI-SA-2023008 11/14/23 11/14/23
CVE-2023-39537 7.5 AMI-SA-2023008 11/14/23 11/14/23

 

AMI-SA-2023007
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2023-34469 4.9 AMI-SA-2023007 09/12/23 09/25/23
CVE-2023-34470 6.8 AMI-SA-2023007 09/12/23 09/25/23

 

AMI-SA-2023006
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2023-34472 5.7 AMI-SA-2023006 7/05/23 7/05/23
CVE-2023-34473 6.6 AMI-SA-2023006 7/05/23 7/05/23
CVE-2023-34471 6.3 AMI-SA-2023006 7/05/23 7/05/23
CVE-2023-34337 7.6 AMI-SA-2023006 7/05/23 7/05/23
CVE-2023-34338 7.1 AMI-SA-2023006 7/05/23 7/05/23
CVE-2023-34329 9.1 AMI-SA-2023006 7/18/23 7/18/23
CVE-2023-34330 8.2 AMI-SA-2023006 7/18/23 7/18/23

 

AMI-SA-2023005
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2023-34344 5.3 AMI-SA-2023005 6/12/23 6/12/23
CVE-2023-25191 7.5 AMI-SA-2023005 6/12/23 6/12/23
CVE-2023-34345 6.5 AMI-SA-2023005 6/12/23 6/12/23
CVE-2023-34341 7.2 AMI-SA-2023005 6/12/23 6/12/23
CVE-2023-34342 6.0 AMI-SA-2023005 6/12/23 6/12/23
CVE-2023-34343 7.2 AMI-SA-2023005 6/12/23 6/12/23
CVE-2023-34334 7.2 AMI-SA-2023005 6/12/23 6/12/23
CVE-2023-34335 7.7 AMI-SA-2023005 6/12/23 6/12/23
CVE-2023-34336 8.1 AMI-SA-2023005 6/12/23 6/12/23
AMI-SA-2023004
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2023-29552 6.5 AMI-SA-2023004 5/01/23 5/01/23
AMI-SA-2023003
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2023-28863 5.9 AMI-SA-2023003  4/04/23 4/04/23
AMI-SA-2023002
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2023-25191 9.1 AMI-SA-2023002  2/14/23 2/14/23
CVE-2023-25192 5.3 AMI-SA-2023002  2/14/23 2/14/23
AMI-SA-2023001
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2022-40258 5.3 AMI-SA-2023001 1/30/23 2/01/23
CVE-2022-26872 8.3 AMI-SA-2023001 1/30/23 2/01/23
CVE-2022-40259 9.9 AMI-SA-2023001 1/30/23 2/01/23
CVE-2022-2827 7.5 AMI-SA-2023001 1/30/23 2/01/23
CVE-2022-40242 9.7 AMI-SA-2023001 1/30/23 2/01/23
AMI-SA-2022001
Vulnerabilities CVSS Score AMI Security Advisory Published Date Last Revised
CVE-2021-44769 4.9 AMI-SA-2022001 12/20/22 12/20/22
CVE-2021-46279 5.8 AMI-SA-2022001 12/20/22 12/20/22
CVE-2021-45925 5.3 AMI-SA-2022001 12/20/22 12/20/22
CVE-2021-4228 5.8 AMI-SA-2022001 12/20/22 12/20/22

向 AMI 报告安全问题

请提供尽可能多的信息,包括:

  • 受影响的产品和版本。
  • 漏洞的详细描述。
  • 已知漏洞信息。
Aptio UEFI BIOS 固件

If you have information about a security issue or vulnerability with a BIOS Product from AMI, please send an email to the AMI BIOS Security Team at biossecurity@ami.com. For added security, we recommend using AMI’s provided Encryption Key to encrypt sensitive information before sending. A member of the BIOS Security Team will review your email and contact you to collaborate on resolving the issue.

MegaRAC BMC 固件

如果您掌握有关 AMI MegaRAC 产品安全问题或漏洞的信息,请发送电子邮件至 AMI MegaRAC 安全团队。 megarac.security@ami.com为了提高安全性,我们建议您使用 AMI 提供的加密密钥对敏感信息进行加密后再发送。MegaRAC 安全团队成员将审核您的邮件,并与您联系以共同解决问题。

Tektagon固件

如果您掌握有关 AMI 旗下 Tektagon 产品安全问题或漏洞的信息,请发送电子邮件至 AMI Tektagon 安全团队。tektagonsecurity@ami.com为了提高安全性,我们建议您使用 AMI 提供的加密密钥对敏感信息进行加密后再发送。Tektagon 安全团队成员将审核您的邮件,并与您联系以共同解决问题。

用于安全数据传输的加密密钥

良好的安全实践是只信任 经过验证的加密密钥。不要信任未经验证的加密密钥。同样重要的是,要验证您的 AMI 公钥副本,以确保其合法性。

验证您的 AMI 公钥以确保其合法性。仅信任经过验证的加密密钥是一种良好的安全实践。

AMI 安全团队关键信息
  • 用户 ID:AMI 产品安全事件响应团队  biossecurity@ami.com
  • 创建时间:2025年4月15日 18:49:27 UTC
  • 有效期至:2027年4月15日 18:49:26 UTC
  • 类型:2048 位 RSA(提供密钥)
  • 用途:签名、加密、认证用户ID
  • 指纹:6e88bbdff4440f8e8eaf3750a4addcf1bf83c633

请注意,此加密密钥同时用于 MegaRAC 和 BIOS 安全。但是,请使用上方提供的 AMI 安全团队密钥信息。

翻译强力驱动

下载许可协议

本声明专门针对本网站 (ami.com) 或任何其他由 AMI 所有、运营、许可或控制的网站上提供的软件。

 任何可从本服务器下载的软件(“软件”)均为 AMI 和/或其供应商的版权作品。软件的使用受随附或包含于软件中的最终用户许可协议(如有)(“许可协议”)条款的约束。最终用户必须首先同意许可协议的条款,才能安装任何随附或包含许可协议的软件。

 本软件仅供最终用户根据许可协议下载使用。任何违反许可协议的软件复制或分发行为均属违法,并将受到严厉的民事和刑事处罚。违者将依法受到最严厉的法律制裁。

 在不限制前述规定的前提下,严禁将软件复制或再复制到任何其他服务器或位置以进行进一步复制或再分发,除非此类复制或再分发已由随附该软件的许可协议明确允许。

 本软件的保证(如有)仅限于许可协议的条款。除许可协议中规定的保证外,AMI 特此声明对本软件不作任何保证和条件,包括所有关于适销性、特定用途适用性、所有权和不侵权的默示保证和条件。

 为方便起见,AMI可能会在本服务或其软件产品中提供工具和实用程序供您使用和/或下载。AMI不对使用此类工具和实用程序所产生结果或输出的准确性做出任何保证。在使用本服务或AMI软件产品中提供的工具和实用程序时,请尊重他人的知识产权。

 RESTRICTED RIGHTS LEGEND. Any Software which is downloaded from this Server (ami.com) any other AMI owned, operated, licensed or controlled site for or on behalf of the United States of America, its agencies and/or instrumentalities ("U.S. Government"), is provided with Restricted Rights. Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 or subparagraphs (c)(1) and (2) of the Commercial Computer Software - Restricted Rights at 48 CFR 52.227-19, as applicable. Manufacturer is AMI 3095 Satellite Boulevard, Building 800, Suite 425, Duluth, GA 30096.

NOTICE SPECIFIC TO DOCUMENTS AVAILABLE ON THIS WEBSITE

 Permission to use Documents (such as white papers, press releases, datasheets and FAQs) from this server (ami.com) any other AMI owned, operated, licensed or controlled site ("Server") is granted, provided that (1) the below copyright notice appears in all copies and that both the copyright notice and this permission notice appear, (2) use of such Documents from this Server is for informational and non-commercial or personal use only and will not be copied or posted on any network computer or broadcast in any media and (3) no modifications of any Documents are made. Educational institutions ( specifically K-12, universities and state community colleges) may download and reproduce the Documents for distribution in the classroom. Distribution outside the classroom requires express written permission. Use for any other purpose is expressly prohibited by law and may result in severe civil and criminal penalties. Violators will be prosecuted to the maximum extent possible.

 Documents specified above do not include the design or layout of the ami.com website or any other AMI owned, operated, licensed or controlled site. Elements of AMI websites are protected by trade dress, trademark, unfair competition and other laws and may not be copied or imitated in whole or in part. No logo, graphic, sound or image from any AMI website may be copied or retransmitted unless expressly permitted by AMI.

 AMI AND/OR ITS RESPECTIVE SUPPLIERS MAKE NO REPRESENTATIONS ABOUT THE SUITABILITY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS SERVER FOR ANY PURPOSE. ALL SUCH DOCUMENTS AND RELATED GRAPHICS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. AMI AND/OR ITS RESPECTIVE SUPPLIERS HEREBY DISCLAIM ALL WARRANTIES AND CONDITIONS WITH REGARD TO THIS INFORMATION, INCLUDING ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT SHALL AMI AND/OR ITS RESPECTIVE SUPPLIERS BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF INFORMATION AVAILABLE FROM THIS SERVER.

 THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS SERVER COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN. AMI AND/OR ITS RESPECTIVE SUPPLIERS MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED HEREIN AT ANY TIME.

NOTICES AND PROCEDURE FOR MAKING CLAIMS OF COPYRIGHT INFRINGEMENT

 Pursuant to Title 17, United States Code, Section 512(c)(2), notifications of claimed copyright infringement should be sent to Service Provider's Designated Agent. ALL INQUIRIES NOT RELEVANT TO THE FOLLOWING PROCEDURE WILL NOT RECEIVE A RESPONSE.

 See Notice and Procedure for Making Claims of Copyright Infringement.

LINKS TO THIRD PARTY SITES

 THE LINKS IN THIS AREA WILL LET YOU LEAVE AMI'S SITE. THE LINKED SITES ARE NOT UNDER THE CONTROL OF AMI AND AMI IS NOT RESPONSIBLE FOR THE CONTENTS OF ANY LINKED SITE OR ANY LINK CONTAINED IN A LINKED SITE, OR ANY CHANGES OR UPDATES TO SUCH SITES. AMI IS NOT RESPONSIBLE FOR WEBCASTING OR ANY OTHER FORM OF TRANSMISSION RECEIVED FROM ANY LINKED SITE. AMI IS PROVIDING THESE LINKS TO YOU ONLY AS A CONVENIENCE, AND THE INCLUSION OF ANY LINK DOES NOT IMPLY ENDORSEMENT BY AMI OF THE SITE.

UNSOLICITED IDEA SUBMISSION POLICY

 AMI及其员工、代理和/或子公司均不接受或考虑任何未经请求的创意,包括但不限于新广告活动、新促销活动、新产品或技术、工艺流程、材料、营销计划或新产品名称的创意。严禁向AMI提交任何原创创意作品、样品、演示或其他作品。如AMI收到任何未经请求的创意材料,该等材料将被销毁,AMI对发送者因此遭受的任何直接或间接损失概不负责,且AMI无义务将该等材料视为机密或专有信息。双方明确理解,AMI禁止未经请求的创意提交政策的目的是为了防止第三方基于AMI开发的创意、产品或其他材料(该等创意、产品或其他材料可能与AMI收到的未经请求的创意、产品或其他材料相似或相同)而对AMI提出侵权索赔。

反馈和信息

 您在本网站提供的任何反馈均将被视为非保密信息。AMI 可以不受限制地使用此类信息。

条款及细则

请对此翻译评分
您的反馈将用于改进谷歌翻译