CVE-2019-19642
Published 2019-12-08
Priority: P2 · 64 · high · 8.8 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 19.04% (97.0th percentile)
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareName. The attacker can achieve a persistent backdoor.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| supermicro | x8sti-f_bios | — | — |
| supermicro | x8sti-f_firmware | — | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP POST requests to /rpc/setvmdrive.asp on IPMI management interfaces for shell metacharacters in the ShareHost or ShareName parameters, which indicate OS command injection attempts.
- Scope detection to SuperMicro X8STi-F motherboards running IPMI firmware 2.06 and BIOS 02.68; successful exploitation can result in a persistent backdoor on the device.
- Flag any evidence of persistent backdoor installation originating from the IPMI interface, as successful exploitation of this vulnerability is noted to achieve persistence.
- Exploitation requires authentication; unauthenticated attackers cannot directly exploit this vulnerability. Detection should account for authenticated sessions abusing the Virtual Media feature.
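
The first detection item above can be implemented as a small filter over captured HTTP requests. This is an added example, not a rule from the page or from any vendor; the `(source, method, URL, body)` record format, the sample traffic and the exact metacharacter set are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

TARGET_PATH = "/rpc/setvmdrive.asp"
WATCHED_PARAMS = ("ShareHost", "ShareName")
# Assumed metacharacter set: characters a POSIX shell interprets.
# A host name or share name needs none of them.
SHELL_META = re.compile(r"[;&|`$<>(){}'\"\r\n]")


def decode_form(body):
    """Yield (name, value) pairs from an application/x-www-form-urlencoded body."""
    for pair in body.split("&"):
        name, _, value = pair.partition("=")
        # Decode once so that %3B and a literal ';' are treated alike.
        yield unquote_plus(name), unquote_plus(value)


def inspect_request(method, url, body):
    """Return the (param, decoded value) pairs in one request that warrant an alert."""
    # Path is compared case-insensitively to stay conservative (assumption).
    if method.upper() != "POST" or urlsplit(url).path.lower() != TARGET_PATH:
        return []
    return [(name, value) for name, value in decode_form(body)
            if name in WATCHED_PARAMS and SHELL_META.search(value)]


# Constructed sample traffic: (source IP, method, URL, body). Not real captures.
SAMPLE_REQUESTS = [
    ("198.51.100.7", "POST", "/rpc/setvmdrive.asp", "ShareHost=192.0.2.10&ShareName=iso%2Fboot.iso"),
    ("198.51.100.7", "POST", "/rpc/setvmdrive.asp", "ShareHost=192.0.2.10%3Bid&ShareName=iso"),
    ("198.51.100.9", "POST", "/RPC/setvmdrive.asp?x=1", "ShareHost=192.0.2.10&ShareName=a%60id%60"),
    ("198.51.100.9", "GET", "/rpc/setvmdrive.asp", ""),
    ("198.51.100.9", "POST", "/index.html", "ShareHost=a%3Bb"),
]


def scan(requests):
    """Return one alert dict per suspicious parameter across all requests."""
    alerts = []
    for src, method, url, body in requests:
        for name, value in inspect_request(method, url, body):
            alerts.append({"src": src, "param": name, "value": value})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_REQUESTS):
        print("ALERT {src} {param}={value!r}".format(**alert))
```

Because exploitation requires authentication, each alert's source address should be correlated with the authenticated IPMI session that issued the request.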
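CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| vendor_ubuntu | — | 5.5 | MEDIUM | — |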
Ubuntu
Kernel Live Patch Security Notice
vendor_ubuntu·2020-07-27·CVSS 5.5
CVE-2020-14416 [MEDIUM] Kernel Live Patch Security Notice
Title: Kernel Live Patch Security Notice
Summary: Several security issues were fixed in the kernel.
Relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local
users to cause a denial of service (such as relay blockage) by triggering a
NULL alloc_percpu result. (CVE-2019-19462)
Fan Yang discovered that the mremap implementation in the Linux kernel did
not properly handle DAX Huge Pages. A local attacker with access to DAX
storage could use this to gain administrative privileges. (CVE-2020-10757)
It was discovered that the DesignWare SPI controller driver in the Linux
kernel contained a race condition. A local attacker could possibly use this
to cause a denial of service (system crash). (CVE-2020-12769)
In the Linux kernel before 5.4.16, a race condition in tty->disc_da
GHSA
GHSA-8rgw-25fw-5m5f: On SuperMicro X8STi-F motherboards with IPMI firmware 2
ghsa_unreviewed·2022-05-24
CVE-2019-19642 [HIGH] GHSA-8rgw-25fw-5m5f: On SuperMicro X8STi-F motherboards with IPMI firmware 2
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareName. The attacker can achieve a persistent backdoor.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.