Vulnerabilities > Supermicro > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-31 | CVE-2023-35861 | OS Command Injection vulnerability in Supermicro products A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC. | 9.8 |
2019-12-08 | CVE-2019-19642 | OS Command Injection vulnerability in Supermicro X8Sti-F Bios and X8Sti-F Firmware On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. | 9.0 |
2013-12-10 | CVE-2013-3623 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Supermicro Intelligent Platform Management Firmware 2.24/2.26 Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter. | 10.0 |
2013-12-10 | CVE-2013-3622 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Supermicro Intelligent Platform Management Firmware 2.24/2.26 Buffer overflow in logout.cgi in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allows remote authenticated users to execute arbitrary code via the SID parameter. | 9.0 |
2013-09-08 | CVE-2013-3609 | Improper Input Validation vulnerability in Supermicro products The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function. | 10.0 |
2013-09-08 | CVE-2013-3608 | Improper Input Validation vulnerability in Supermicro products The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi. | 10.0 |
2013-09-08 | CVE-2013-3607 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Supermicro products Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi. | 10.0 |
2013-07-08 | CVE-2013-4782 | Improper Authentication vulnerability in Supermicro BMC The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. | 10.0 |