CVSS: 10.0EPSS: 0%CPEs: 530EXPL: 0CVE-2019-16650
https://notcve.org/view.php?id=CVE-2019-16650
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC. En los productos Supermicro X10 y X11, los privilegios de acceso de un cliente pueden ser transferidos hacia un cliente diferente que luego tenga el mismo número de descriptor de archivo de socket. En circunstancias oportunistas, un atacante puede simplemente conectarse al servicio multimedia virtual y luego conectarse a dispositivos USB virtuales en el servidor administrado por el BMC. • https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack https://github.com/eclypsium/USBAnywhere https://www.supermicro.com/support/security_BMC_virtual_media.cfm •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 1CVE-2019-13131
https://notcve.org/view.php?id=CVE-2019-13131
Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE. Super Micro SuperDoctor 5, cuando no se implementan restricciones en agent.cfg, permite a los atacantes remotos ejecutar comandos arbitrarios a través de NRPE. • https://www.exploit-db.com/exploits/47030 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.2EPSS: 0%CPEs: 220EXPL: 0CVE-2018-13787
https://notcve.org/view.php?id=CVE-2018-13787
Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware. Ciertos productos Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2 y A1 tienen un error de configuración en el descriptor de región, lo que permite que los programas del sistema operativo modifiquen el firmware. • https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems https://www.bleepingcomputer.com/news/security/firmware-vulnerabilities-disclosed-in-supermicro-server-products https://www.supermicro.com/support/security_Intel-SA-00088.cfm?pg=X10#tab •
CVSS: 9.0EPSS: 3%CPEs: 2EXPL: 1CVE-2013-3622
https://notcve.org/view.php?id=CVE-2013-3622
Buffer overflow in logout.cgi in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allows remote authenticated users to execute arbitrary code via the SID parameter. Desbordamiento de búfer en logout.cgi de Intelligent Platform Management Interface (IPMI) con firmware anterior a la versión 3.15 (SMT_X9_315), de la generación de placas madre Supermicro X9, permite a usuarios remotos autenticados ejecutar código arbitrario a través del parámetro SID. • http://www.securityfocus.com/bid/64259 https://community.rapid7.com/community/metasploit/blog/2013/11/06/supermicro-ipmi-firmware-vulnerabilities https://support.citrix.com/article/CTX216642 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 96%CPEs: 2EXPL: 3CVE-2013-3623 – Supermicro Onboard IPMI - 'close_window.cgi' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-3623
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter. Múltiples vulnerabilidades buffer overflow de pila en cgi/close_window.cgi en la interfaz web en laIntelligent Platform Management Interface (IPMI) con firmware anterior a 3.15 (SMT_X9_315) en las placas base de la generación Supermicro X9 permite a atacantes remotos ejecutar código arbitrario a través de la (1) sess_sid o (2) parámetro ACT. • https://www.exploit-db.com/exploits/29666 http://www.exploit-db.com/exploits/29666 http://www.securityfocus.com/bid/63775 http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013 https://community.rapid7.com/community/metasploit/blog/2013/11/06/supermicro-ipmi-firmware-vulnerabilities https://support.citrix.com/article/CTX216642 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •