CVE-2023-33411

CWE-22 — Path Traversal3 documents3 sources

Severity

7.5HIGH

EPSS

1.7%

top 17.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

362

Supermicro B12dpe-6 Firmware Supermicro B12dpt-6 Firmware Supermicro B12spe-cpu-25g Firmware +359 more

Timeline

PublishedDec 7

Description

A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages362 packages

▶NVDsupermicro/b13dee_firmware3.17.02

▶NVDsupermicro/b13det_firmware3.17.02

▶NVDsupermicro/b13seg_firmware3.17.02

▶NVDsupermicro/h13dsh_firmware3.17.02

▶NVDsupermicro/h13ssf_firmware3.17.02

🔴Vulnerability Details

GHSA

GHSA-7675-h57g-r24m: A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 ba↗2023-12-07

▶

CVEList

CVE-2023-33411: A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 ba↗2023-12-07

▶