CVE-2019-19642
published 2019-12-08


Priority: P264 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 19.04% (97.0th percentile)
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareName. The attacker can achieve a persistent backdoor.

Affected

2 ranges

Vendor       Product             Version range   Fixed in
supermicro   x8sti-f_bios
supermicro   x8sti-f_firmware

Detection & IOCs (extracted from sources)

url: /rpc/setvmdrive.asp
  • Monitor HTTP POST requests to /rpc/setvmdrive.asp on IPMI management interfaces for shell metacharacters in the ShareHost or ShareName parameters, which indicate OS command injection attempts.
  • Scope detection to SuperMicro X8STi-F motherboards running IPMI firmware 2.06 and BIOS 02.68; successful exploitation can result in a persistent backdoor on the device.
  • Flag any evidence of persistent backdoor installation originating from the IPMI interface, as successful exploitation of this vulnerability is noted to achieve persistence.
  • Exploitation requires authentication; unauthenticated attackers cannot directly exploit this vulnerability. Detection should account for authenticated sessions abusing the Virtual Media feature.
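
One way to implement the first check above, as an added example that is not part of the original entry or of any vendor tooling. It assumes a proxy or sensor in front of the IPMI interface records the method, URL and form-encoded POST body of each request; the record layout and the sample records are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/rpc/setvmdrive.asp"
WATCHED_PARAMS = ("ShareHost", "ShareName")
# Characters a POSIX shell treats specially. A share host or share path
# has no legitimate need for any of them (backslashes are allowed).
SHELL_META = re.compile(r"[;&|`$(){}<>\n\r'\"]")


def inspect_request(method, url, body):
    """Return (param, decoded_value) pairs that carry shell metacharacters."""
    if method.upper() != "POST":
        return []
    # Compare case-insensitively so /RPC/SetVMDrive.asp is not missed.
    if urlsplit(url).path.lower() != TARGET_PATH:
        return []
    # parse_qs percent-decodes, so %3B and '+' are normalised before matching.
    fields = parse_qs(body, keep_blank_values=True)
    hits = []
    for name in WATCHED_PARAMS:
        for value in fields.get(name, []):
            if SHELL_META.search(value):
                hits.append((name, value))
    return hits


def scan(records):
    """Yield one alert dict per suspicious request in an iterable of records."""
    for rec in records:
        hits = inspect_request(rec["method"], rec["url"], rec["body"])
        if hits:
            yield {"src": rec["src"], "url": rec["url"], "hits": hits}


# Constructed sample records (assumed layout, harmless marker strings only).
SAMPLES = [
    {"src": "10.0.0.7", "method": "POST", "url": "/rpc/setvmdrive.asp",
     "body": "ShareHost=10.0.0.20&ShareName=%5Ciso%5Cinstall.iso"},
    {"src": "10.0.0.9", "method": "POST", "url": "/rpc/setvmdrive.asp",
     "body": "ShareHost=10.0.0.20%3Becho+MARKER&ShareName=iso"},
    {"src": "10.0.0.9", "method": "POST", "url": "/RPC/SetVMDrive.asp",
     "body": "ShareHost=nas01&ShareName=iso%60echo+MARKER%60"},
    {"src": "10.0.0.7", "method": "GET", "url": "/rpc/setvmdrive.asp", "body": ""},
]

if __name__ == "__main__":
    for alert in scan(SAMPLES):
        print(alert)
```

Because exploitation is authenticated, pair each alert with the session or account that issued the request when the log source records it.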

CVSS provenance

nvd             v3.1   8.8   HIGH       CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd             v2.0   9.0   CRITICAL   AV:N/AC:L/Au:S/C:C/I:C/A:C
vendor_ubuntu          5.5   MEDIUM