CVE-2023-40289

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.2HIGH

EPSS

2.0%

top 16.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Supermicro X11sae-f Firmware Supermicro X11sse-f Firmware Supermicro X11ssm-f Firmware

Timeline

PublishedMar 27

Description

A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker can exploit this to elevate privileges from a user with BMC administrative privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

▶NVDsupermicro/x11sae-f_firmware1.66

▶NVDsupermicro/x11sse-f_firmware1.66

▶NVDsupermicro/x11ssm-f_firmware1.66

🔴Vulnerability Details

CVEList

CVE-2023-40289: A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1↗2024-03-27

▶

GHSA

GHSA-92q8-mrj6-9v42: A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1↗2024-03-27

▶