X11Ssl Cf Firmware
CVE-2022-43309
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions.
AnalysisAI
Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. Affected products include: Supermicro X11Ssl-Cf Firmware, Supermicro X11Dac Firmware, Supermicro X11Dai-N Firmware, Supermicro X11Ddw-L Firmware, Supermicro X11Ddw-Nt Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and restrict file/resource permissions, apply principle of least privilege.
More in X11Ssl Cf Firmware
View allOn Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the v
The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implemen
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller
Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via
A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementatio
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today