CVSS: 10.0EPSS: 0%CPEs: 676EXPL: 0CVE-2019-16649
https://notcve.org/view.php?id=CVE-2019-16649
21 Sep 2019 — On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC. En los productos Supermicro H11, H12, M11, X9, X10 y X11, una combinación de problemas de cifrado y autenticación en el servicio multimedia virtual permite la captura de credenciales d... • https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack • CWE-287: Improper Authentication CWE-326: Inadequate Encryption Strength CWE-522: Insufficiently Protected Credentials •
CVSS: 10.0EPSS: 14%CPEs: 133EXPL: 1CVE-2013-3607
https://notcve.org/view.php?id=CVE-2013-3607
08 Sep 2013 — Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi. Multiples desbordamientos de buffer basados en pila en la interfaz ... • http://www.kb.cert.org/vuls/id/648646 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 133EXPL: 1CVE-2013-3608
https://notcve.org/view.php?id=CVE-2013-3608
08 Sep 2013 — The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi. La interfaz web en la implementación Intelligent Platform Management Interface (IPMI) en dispositivos Supermicro H8DC*, ... • http://www.kb.cert.org/vuls/id/648646 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 3%CPEs: 133EXPL: 1CVE-2013-3609
https://notcve.org/view.php?id=CVE-2013-3609
08 Sep 2013 — The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function. La interfaz web en la implementación Intelligent Platform Manage... • http://www.kb.cert.org/vuls/id/648646 • CWE-20: Improper Input Validation •