M11Sdv 4C Ln4F Firmware
CVE-2023-33412
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targeting vulnerable cgi endpoints.
AnalysisAI
The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targeting vulnerable cgi endpoints. Affected products include: Supermicro M11Sdv-4C-Ln4F Firmware, Supermicro M11Sdv-4Ct-Ln4F Firmware, Supermicro M11Sdv-8C-Ln4F Firmware, Supermicro M11Sdv-8Ct-Ln4F Firmware, Supermicro M11Sdv-8C\+-Ln4F Firmware. Version information: before 3.17.02.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in M11Sdv 4C Ln4F Firmware
View allOn Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the v
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller
A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementatio
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today