X11Ssl Cf Firmware
CVE-2023-33411
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information.
AnalysisAI
A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information. Affected products include: Supermicro M11Sdv-4C-Ln4F Firmware, Supermicro M11Sdv-4Ct-Ln4F Firmware, Supermicro M11Sdv-8C-Ln4F Firmware, Supermicro M11Sdv-8Ct-Ln4F Firmware, Supermicro M11Sdv-8C\+-Ln4F Firmware. Version information: up to 3.17.02.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
More in X11Ssl Cf Firmware
View allOn Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the v
The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implemen
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller
Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via
Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. Rated medium severi
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today