Vulnerabilities > Supermicro > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-07-31 CVE-2023-35861 OS Command Injection vulnerability in Supermicro products
A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject and execute arbitrary commands as root on the BMC.
network
low complexity
supermicro CWE-78
critical
9.8
2019-12-08 CVE-2019-19642 OS Command Injection vulnerability in Supermicro X8STi-F BIOS and X8STi-F Firmware
On Supermicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address.
network
low complexity
supermicro CWE-78
critical
9.0
2013-12-10 CVE-2013-3623 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Supermicro Intelligent Platform Management Firmware 2.24/2.26
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter.
network
low complexity
supermicro CWE-119
critical
10.0
2013-12-10 CVE-2013-3622 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Supermicro Intelligent Platform Management Firmware 2.24/2.26
Buffer overflow in logout.cgi in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allows remote authenticated users to execute arbitrary code via the SID parameter.
network
low complexity
supermicro CWE-119
critical
9.0
2013-09-08 CVE-2013-3609 Improper Input Validation vulnerability in Supermicro products
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function.
network
low complexity
supermicro CWE-20
critical
10.0
2013-09-08 CVE-2013-3608 Improper Input Validation vulnerability in Supermicro products
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi.
network
low complexity
supermicro CWE-20
critical
10.0
2013-09-08 CVE-2013-3607 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Supermicro products
Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi.
network
low complexity
supermicro CWE-119
critical
10.0
2013-07-08 CVE-2013-4782 Improper Authentication vulnerability in Supermicro BMC
The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
network
low complexity
supermicro CWE-287
critical
10.0