CVSS: 7.8EPSS: 0%CPEs: 542EXPL: 1CVE-2023-34853
https://notcve.org/view.php?id=CVE-2023-34853
Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable. • https://github.com/risuxx/CVE-2023-34853 https://www.supermicro.com/Bios/softfiles/17136/X12DPG-QR_1.4b_X1.02.61_SUM2.10.0.zip. https://www.supermicro.com/en/support/security_BIOS_Aug_2023 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 294EXPL: 0CVE-2022-43309
https://notcve.org/view.php?id=CVE-2022-43309
Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. • http://supermicro.com http://x11ssl-cf.com https://www.supermicro.com/en/support/security_VRM_Jan_2023 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.2EPSS: 0%CPEs: 220EXPL: 0CVE-2018-13787
https://notcve.org/view.php?id=CVE-2018-13787
Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware. Ciertos productos Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2 y A1 tienen un error de configuración en el descriptor de región, lo que permite que los programas del sistema operativo modifiquen el firmware. • https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems https://www.bleepingcomputer.com/news/security/firmware-vulnerabilities-disclosed-in-supermicro-server-products https://www.supermicro.com/support/security_Intel-SA-00088.cfm?pg=X10#tab •