M11Sdv 4C Ln4F Firmware
CVE-2023-33413
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands.
AnalysisAI
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands. Affected products include: Supermicro M11Sdv-4C-Ln4F Firmware, Supermicro M11Sdv-4Ct-Ln4F Firmware, Supermicro M11Sdv-8C-Ln4F Firmware, Supermicro M11Sdv-8Ct-Ln4F Firmware, Supermicro M11Sdv-8C\+-Ln4F Firmware. Version information: through 3.17.02.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.
More in M11Sdv 4C Ln4F Firmware
View allOn Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the v
The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implemen
A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementatio
Same weakness CWE-798 – Use of Hard-coded Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today