CVE-2023-33412

3 documents3 sources

Severity

8.8HIGH

EPSS

2.7%

top 14.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

362

Supermicro B12dpe-6 Firmware Supermicro B12dpt-6 Firmware Supermicro B12spe-cpu-25g Firmware +359 more

Timeline

PublishedDec 7

Description

The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targeting vulnerable cgi endpoints.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages362 packages

▶NVDsupermicro/b13dee_firmware3.17.02

▶NVDsupermicro/b13det_firmware3.17.02

▶NVDsupermicro/b13seg_firmware3.17.02

▶NVDsupermicro/h13dsh_firmware3.17.02

▶NVDsupermicro/h13ssf_firmware3.17.02

🔴Vulnerability Details

GHSA

GHSA-283r-fx38-xwrx: The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M↗2023-12-07

▶

CVEList

CVE-2023-33412: The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M↗2023-12-07

▶