CVE-2023-33413

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

8.8HIGH

EPSS

2.5%

top 14.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

362

Supermicro B12dpe-6 Firmware Supermicro B12dpt-6 Firmware Supermicro B12spe-cpu-25g Firmware +359 more

Timeline

PublishedDec 7

Description

The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages362 packages

▶NVDsupermicro/b13dee_firmware3.17.02

▶NVDsupermicro/b13det_firmware3.17.02

▶NVDsupermicro/b13seg_firmware3.17.02

▶NVDsupermicro/h13dsh_firmware3.17.02

▶NVDsupermicro/h13ssf_firmware3.17.02

🔴Vulnerability Details

CVEList

CVE-2023-33413: The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Superm↗2023-12-07

▶

GHSA

GHSA-wwgj-w8cg-2x8h: The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Superm↗2023-12-07

▶