Skip to main content

H12Dst B Firmware CVE-2023-35861

CRITICAL
OS Command Injection (CWE-78)
2023-07-31 cve@mitre.org
Command Injection H12Dst B Firmware X13Dai T Firmware X13Ddw A Firmware X13Deg Oa Firmware X13Deg Oad Firmware X13Deg Pvc Firmware X13Deg Qt Firmware X13Dei Firmware X13Dei T Firmware X13Dem Firmware X13Det B Firmware X13Dgu Firmware X13Dsf A Firmware X13Qeh Firmware X13Sae Firmware X13Sae F Firmware X13San C Firmware X13San C Wohs Firmware X13San E Firmware X13San E Wohs Firmware X13San H Firmware X13San H Wohs Firmware X13San L Firmware X13San L Wohs Firmware X13Saq Firmware X13Sav Lvds Firmware X13Sav Ps Firmware X13Saz F Firmware X13Saz Q Firmware X13Sedw F Firmware X13Seed F Firmware X13Seed Sf Firmware X13Sefr A Firmware X13Sei F Firmware X13Sei Tf Firmware X13Sem F Firmware X13Sem Tf Firmware X13Set G Firmware X13Set Gc Firmware X13Sew F Firmware X13Sew Tf Firmware X13Sra Tf Firmware X13Srn E Firmware X13Srn E Wohs Firmware X13Srn H Firmware X13Srn H Wohs Firmware X13Swa Tf Firmware H13Dsg O Cpu Firmware H13Dsg O Cpu D Firmware H13Dsh Firmware H13Sae Mf Firmware H13Srd F Firmware H13Ssf Firmware H13Ssh Firmware H13Ssl N Firmware H13Ssl Nt Firmware H13Sst G Firmware H13Sst Gc Firmware H13Ssw Firmware X12Dai N6 Firmware X12Ddw A6 Firmware X12Dgo 6 Firmware X12Dgq R Firmware X12Dgu Firmware X12Dhm 6 Firmware X12Dpd A6M25 Firmware X12Dpfr An6 Firmware X12Dpg Ar Firmware X12Dpg Oa6 Firmware X12Dpg Oa6 Gd2 Firmware X12Dpg Qbt6 Firmware X12Dpg Qr Firmware X12Dpg Qt6 Firmware X12Dpg U6 Firmware X12Dpi N6 Firmware X12Dpi Nt6 Firmware X12Dpl I6 Firmware X12Dpl Nt6 Firmware X12Dpt B6 Firmware X12Dpt Pt46 Firmware X12Dpt Pt6 Firmware X12Dpu 6 Firmware X12Dsc 6 Firmware X12Qch Firmware X12Sae Firmware X12Sae 5 Firmware X12Sca 5F Firmware X12Sca F Firmware X12Scq Firmware X12Scv Lvds Firmware X12Scv W Firmware X12Scz F Firmware X12Scz Qf Firmware X12Scz Tln4F Firmware X12Sdv 10C Sp6F Firmware X12Sdv 10C Spt4F Firmware X12Sdv 14C Spt8F Firmware X12Sdv 16C Spt8F Firmware X12Sdv 20C Spt8F Firmware X12Sdv 4C Sp6F Firmware X12Sdv 4C Spt4F Firmware X12Sdv 4C Spt8F Firmware X12Sdv 8C Sp6F Firmware X12Sdv 8C Spt4F Firmware X12Sdv 8C Spt8F Firmware X12Sdv 8Ce Sp4F Firmware X12Spa Tf Firmware X12Sped F Firmware X12Spg Nf Firmware X12Spi Tf Firmware X12Spl F Firmware X12Spl Ln4F Firmware X12Spm Ln4F Firmware X12Spm Ln6Tf Firmware X12Spm Tf Firmware X12Spo F Firmware X12Spo Ntf Firmware X12Spt G Firmware X12Spt Gc Firmware X12Spt Pt Firmware X12Spw F Firmware X12Spw Tf Firmware X12Spz Ln4F Firmware X12Spz Spln6F Firmware X12Std F Firmware X12Ste F Firmware X12Sth F Firmware X12Sth Ln4F Firmware X12Sth Sys Firmware X12Stl F Firmware X12Stl If Firmware X12Stn C Firmware X12Stn C Wohs Firmware X12Stn E Firmware X12Stn E Wohs Firmware X12Stn H Firmware X12Stn H Wohs Firmware X12Stn L Firmware X12Stn L Wohs Firmware X12Stw F Firmware X12Stw Tf Firmware H12Ssw Ntr Firmware H12Ssw Ntl Firmware H12Ssw Nt Firmware H12Ssw Inr Firmware H12Ssw Inl Firmware H12Ssw In Firmware H12Ssw An6 Firmware H12Sst Ps Firmware H12Ssl Nt Firmware H12Ssl I Firmware H12Ssl Ct Firmware H12Ssl C Firmware H12Ssg Anp6 Firmware H12Ssg An6 Firmware H12Ssfr An6 Firmware H12Ssff An6 Firmware H12Dsu Inr Firmware H12Dsu In Firmware H12Dsi Nt6 Firmware H12Dsi N6 Firmware H12Dsg Q Cpu6 Firmware H12Dsg O Cpu Firmware H12Dgq Nt6 Firmware H12Dgo 6 Firmware
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 31, 2023 - 13:15 nvd
CRITICAL 9.8

DescriptionNVD

A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC.

AnalysisAI

A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC. Affected products include: Supermicro H12Dst-B Firmware, Supermicro X13Dai-T Firmware, Supermicro X13Ddw-A Firmware, Supermicro X13Deg-Oa Firmware, Supermicro X13Deg-Oad Firmware. Version information: before 03.10.35.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

Share

CVE-2023-35861 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy