Lucene search

[email protected]CVE-2023-35861

HistoryJul 31, 2023 - 1:15 p.m.

CVE-2023-35861

2023-07-3113:15:09

CWE-78

[email protected]

web.nvd.nist.gov

cve-2023-35861

supermicro

motherboards

shell injection

email notifications

vulnerability

remote attackers

arbitrary commands

root access

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

JSON

A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC.

Affected configurations

NVD

Node

supermicroh12dst-b_firmwareRange<03.10.35

AND

supermicroh12dst-bMatch-

Node

supermicrox13dai-t_firmwareMatch-

AND

supermicrox13dai-tMatch-

Node

supermicrox13ddw-a_firmwareMatch-

AND

supermicrox13ddw-aMatch-

Node

supermicrox13deg-oa_firmwareMatch-

AND

supermicrox13deg-oaMatch-

Node

supermicrox13deg-oad_firmwareMatch-

AND

supermicrox13deg-oadMatch-

Node

supermicrox13deg-pvc_firmwareMatch-

AND

supermicrox13deg-pvcMatch-

Node

supermicrox13deg-qt_firmwareMatch-

AND

supermicrox13deg-qtMatch-

Node

supermicrox13dei_firmwareMatch-

AND

supermicrox13deiMatch-

Node

supermicrox13dei-t_firmwareMatch-

AND

supermicrox13dei-tMatch-

Node

supermicrox13dem_firmwareMatch-

AND

supermicrox13demMatch-

Node

supermicrox13det-b_firmwareMatch-

AND

supermicrox13det-bMatch-

Node

supermicrox13dgu_firmwareMatch-

AND

supermicrox13dguMatch-

Node

supermicrox13dsf-a_firmwareMatch-

AND

supermicrox13dsf-aMatch-

Node

supermicrox13qeh\+_firmwareMatch-

AND

supermicrox13qeh\+Match-

Node

supermicrox13sae_firmwareMatch-

AND

supermicrox13saeMatch-

Node

supermicrox13sae-f_firmwareMatch-

AND

supermicrox13sae-fMatch-

Node

supermicrox13san-c_firmwareMatch-

AND

supermicrox13san-cMatch-

Node

supermicrox13san-c-wohs_firmwareMatch-

AND

supermicrox13san-c-wohsMatch-

Node

supermicrox13san-e_firmwareMatch-

AND

supermicrox13san-eMatch-

Node

supermicrox13san-e-wohs_firmwareMatch-

AND

supermicrox13san-e-wohsMatch-

Node

supermicrox13san-h_firmwareMatch-

AND

supermicrox13san-hMatch-

Node

supermicrox13san-h-wohs_firmwareMatch-

AND

supermicrox13san-h-wohsMatch-

Node

supermicrox13san-l_firmwareMatch-

AND

supermicrox13san-lMatch-

Node

supermicrox13san-l-wohs_firmwareMatch-

AND

supermicrox13san-l-wohsMatch-

Node

supermicrox13saq_firmwareMatch-

AND

supermicrox13saqMatch-

Node

supermicrox13sav-lvds_firmwareMatch-

AND

supermicrox13sav-lvdsMatch-

Node

supermicrox13sav-ps_firmwareMatch-

AND

supermicrox13sav-psMatch-

Node

supermicrox13saz-f_firmwareMatch-

AND

supermicrox13saz-fMatch-

Node

supermicrox13saz-q_firmwareMatch-

AND

supermicrox13saz-qMatch-

Node

supermicrox13sedw-f_firmwareMatch-

AND

supermicrox13sedw-fMatch-

Node

supermicrox13seed-f_firmwareMatch-

AND

supermicrox13seed-fMatch-

Node

supermicrox13seed-sf_firmwareMatch-

AND

supermicrox13seed-sfMatch-

Node

supermicrox13sefr-a_firmwareMatch-

AND

supermicrox13sefr-aMatch-

Node

supermicrox13sei-f_firmwareMatch-

AND

supermicrox13sei-fMatch-

Node

supermicrox13sei-tf_firmwareMatch-

AND

supermicrox13sei-tfMatch-

Node

supermicrox13sem-f_firmwareMatch-

AND

supermicrox13sem-fMatch-

Node

supermicrox13sem-tf_firmwareMatch-

AND

supermicrox13sem-tfMatch-

Node

supermicrox13set-g_firmwareMatch-

AND

supermicrox13set-gMatch-

Node

supermicrox13set-gc_firmwareMatch-

AND

supermicrox13set-gcMatch-

Node

supermicrox13sew-f_firmwareMatch-

AND

supermicrox13sew-fMatch-

Node

supermicrox13sew-tf_firmwareMatch-

AND

supermicrox13sew-tfMatch-

Node

supermicrox13sra-tf_firmwareMatch-

AND

supermicrox13sra-tfMatch-

Node

supermicrox13srn-e_firmwareMatch-

AND

supermicrox13srn-eMatch-

Node

supermicrox13srn-e-wohs_firmwareMatch-

AND

supermicrox13srn-e-wohsMatch-

Node

supermicrox13srn-h_firmwareMatch-

AND

supermicrox13srn-hMatch-

Node

supermicrox13srn-h-wohs_firmwareMatch-

AND

supermicrox13srn-h-wohsMatch-

Node

supermicrox13swa-tf_firmwareMatch-

AND

supermicrox13swa-tfMatch-

Node

supermicroh13dsg-o-cpu_firmwareMatch-

AND

supermicroh13dsg-o-cpuMatch-

Node

supermicroh13dsg-o-cpu-d_firmwareMatch-

AND

supermicroh13dsg-o-cpu-dMatch-

Node

supermicroh13dsh_firmwareMatch-

AND

supermicroh13dshMatch-

Node

supermicroh13sae-mf_firmwareMatch-

AND

supermicroh13sae-mfMatch-

Node

supermicroh13srd-f_firmwareMatch-

AND

supermicroh13srd-fMatch-

Node

supermicroh13ssf_firmwareMatch-

AND

supermicroh13ssfMatch-

Node

supermicroh13ssh_firmwareMatch-

AND

supermicroh13sshMatch-

Node

supermicroh13ssl-n_firmwareMatch-

AND

supermicroh13ssl-nMatch-

Node

supermicroh13ssl-nt_firmwareMatch-

AND

supermicroh13ssl-ntMatch-

Node

supermicroh13sst-g_firmwareMatch-

AND

supermicroh13sst-gMatch-

Node

supermicroh13sst-gc_firmwareMatch-

AND

supermicroh13sst-gcMatch-

Node

supermicroh13ssw_firmwareMatch-

AND

supermicroh13sswMatch-

Node

supermicrox12dai-n6_firmwareMatch-

AND

supermicrox12dai-n6Match-

Node

supermicrox12ddw-a6_firmwareMatch-

AND

supermicrox12ddw-a6Match-

Node

supermicrox12dgo-6_firmwareMatch-

AND

supermicrox12dgo-6Match-

Node

supermicrox12dgq-r_firmwareMatch-

AND

supermicrox12dgq-rMatch-

Node

supermicrox12dgu_firmwareMatch-

AND

supermicrox12dguMatch-

Node

supermicrox12dhm-6_firmwareMatch-

AND

supermicrox12dhm-6Match-

Node

supermicrox12dpd-a6m25_firmwareMatch-

AND

supermicrox12dpd-a6m25Match-

Node

supermicrox12dpfr-an6_firmwareMatch-

AND

supermicrox12dpfr-an6Match-

Node

supermicrox12dpg-ar_firmwareMatch-

AND

supermicrox12dpg-arMatch-

Node

supermicrox12dpg-oa6_firmwareMatch-

AND

supermicrox12dpg-oa6Match-

Node

supermicrox12dpg-oa6-gd2_firmwareMatch-

AND

supermicrox12dpg-oa6-gd2Match-

Node

supermicrox12dpg-qbt6_firmwareMatch-

AND

supermicrox12dpg-qbt6Match-

Node

supermicrox12dpg-qr_firmwareMatch-

AND

supermicrox12dpg-qrMatch-

Node

supermicrox12dpg-qt6_firmwareMatch-

AND

supermicrox12dpg-qt6Match-

Node

supermicrox12dpg-u6_firmwareMatch-

AND

supermicrox12dpg-u6Match-

Node

supermicrox12dpi-n6_firmwareMatch-

AND

supermicrox12dpi-n6Match-

Node

supermicrox12dpi-nt6_firmwareMatch-

AND

supermicrox12dpi-nt6Match-

Node

supermicrox12dpl-i6_firmwareMatch-

AND

supermicrox12dpl-i6Match-

Node

supermicrox12dpl-nt6_firmwareMatch-

AND

supermicrox12dpl-nt6Match-

Node

supermicrox12dpt-b6_firmwareMatch-

AND

supermicrox12dpt-b6Match-

Node

supermicrox12dpt-pt46_firmwareMatch-

AND

supermicrox12dpt-pt46Match-

Node

supermicrox12dpt-pt6_firmwareMatch-

AND

supermicrox12dpt-pt6Match-

Node

supermicrox12dpu-6_firmwareMatch-

AND

supermicrox12dpu-6Match-

Node

supermicrox12dsc-6_firmwareMatch-

AND

supermicrox12dsc-6Match-

Node

supermicrox12qch\+_firmwareMatch-

AND

supermicrox12qch\+Match-

Node

supermicrox12sae_firmwareMatch-

AND

supermicrox12saeMatch-

Node

supermicrox12sae-5_firmwareMatch-

AND

supermicrox12sae-5Match-

Node

supermicrox12sca-5f_firmwareMatch-

AND

supermicrox12sca-5fMatch-

Node

supermicrox12sca-f_firmwareMatch-

AND

supermicrox12sca-fMatch-

Node

supermicrox12scq_firmwareMatch-

AND

supermicrox12scqMatch-

Node

supermicrox12scv-lvds_firmwareMatch-

AND

supermicrox12scv-lvdsMatch-

Node

supermicrox12scv-w_firmwareMatch-

AND

supermicrox12scv-wMatch-

Node

supermicrox12scz-f_firmwareMatch-

AND

supermicrox12scz-fMatch-

Node

supermicrox12scz-qf_firmwareMatch-

AND

supermicrox12scz-qfMatch-

Node

supermicrox12scz-tln4f_firmwareMatch-

AND

supermicrox12scz-tln4fMatch-

Node

supermicrox12sdv-10c-sp6f_firmwareMatch-

AND

supermicrox12sdv-10c-sp6fMatch-

Node

supermicrox12sdv-10c-spt4f_firmwareMatch-

AND

supermicrox12sdv-10c-spt4fMatch-

Node

supermicrox12sdv-14c-spt8f_firmwareMatch-

AND

supermicrox12sdv-14c-spt8fMatch-

Node

supermicrox12sdv-16c-spt8f_firmwareMatch-

AND

supermicrox12sdv-16c-spt8fMatch-

Node

supermicrox12sdv-20c-spt8f_firmwareMatch-

AND

supermicrox12sdv-20c-spt8fMatch-

Node

supermicrox12sdv-4c-sp6f_firmwareMatch-

AND

supermicrox12sdv-4c-sp6fMatch-

Node

supermicrox12sdv-4c-spt4f_firmwareMatch-

AND

supermicrox12sdv-4c-spt4fMatch-

Node

supermicrox12sdv-4c-spt8f_firmwareMatch-

AND

supermicrox12sdv-4c-spt8fMatch-

Node

supermicrox12sdv-8c-sp6f_firmwareMatch-

AND

supermicrox12sdv-8c-sp6fMatch-

Node

supermicrox12sdv-8c-spt4f_firmwareMatch-

AND

supermicrox12sdv-8c-spt4fMatch-

Node

supermicrox12sdv-8c-spt8f_firmwareMatch-

AND

supermicrox12sdv-8c-spt8fMatch-

Node

supermicrox12sdv-8ce-sp4f_firmwareMatch-

AND

supermicrox12sdv-8ce-sp4fMatch-

Node

supermicrox12spa-tf_firmwareMatch-

AND

supermicrox12spa-tfMatch-

Node

supermicrox12sped-f_firmwareMatch-

AND

supermicrox12sped-fMatch-

Node

supermicrox12spg-nf_firmwareMatch-

AND

supermicrox12spg-nfMatch-

Node

supermicrox12spi-tf_firmwareMatch-

AND

supermicrox12spi-tfMatch-

Node

supermicrox12spl-f_firmwareMatch-

AND

supermicrox12spl-fMatch-

Node

supermicrox12spl-ln4f_firmwareMatch-

AND

supermicrox12spl-ln4fMatch-

Node

supermicrox12spm-ln4f_firmwareMatch-

AND

supermicrox12spm-ln4fMatch-

Node

supermicrox12spm-ln6tf_firmwareMatch-

AND

supermicrox12spm-ln6tfMatch-

Node

supermicrox12spm-tf_firmwareMatch-

AND

supermicrox12spm-tfMatch-

Node

supermicrox12spo-f_firmwareMatch-

AND

supermicrox12spo-fMatch-

Node

supermicrox12spo-ntf_firmwareMatch-

AND

supermicrox12spo-ntfMatch-

Node

supermicrox12spt-g_firmwareMatch-

AND

supermicrox12spt-gMatch-

Node

supermicrox12spt-gc_firmwareMatch-

AND

supermicrox12spt-gcMatch-

Node

supermicrox12spt-pt_firmwareMatch-

AND

supermicrox12spt-ptMatch-

Node

supermicrox12spw-f_firmwareMatch-

AND

supermicrox12spw-fMatch-

Node

supermicrox12spw-tf_firmwareMatch-

AND

supermicrox12spw-tfMatch-

Node

supermicrox12spz-ln4f_firmwareMatch-

AND

supermicrox12spz-ln4fMatch-

Node

supermicrox12spz-spln6f_firmwareMatch-

AND

supermicrox12spz-spln6fMatch-

Node

supermicrox12std-f_firmwareMatch-

AND

supermicrox12std-fMatch-

Node

supermicrox12ste-f_firmwareMatch-

AND

supermicrox12ste-fMatch-

Node

supermicrox12sth-f_firmwareMatch-

AND

supermicrox12sth-fMatch-

Node

supermicrox12sth-ln4f_firmwareMatch-

AND

supermicrox12sth-ln4fMatch-

Node

supermicrox12sth-sys_firmwareMatch-

AND

supermicrox12sth-sysMatch-

Node

supermicrox12stl-f_firmwareMatch-

AND

supermicrox12stl-fMatch-

Node

supermicrox12stl-if_firmwareMatch-

AND

supermicrox12stl-ifMatch-

Node

supermicrox12stn-c_firmwareMatch-

AND

supermicrox12stn-cMatch-

Node

supermicrox12stn-c-wohs_firmwareMatch-

AND

supermicrox12stn-c-wohsMatch-

Node

supermicrox12stn-e_firmwareMatch-

AND

supermicrox12stn-eMatch-

Node

supermicrox12stn-e-wohs_firmwareMatch-

AND

supermicrox12stn-e-wohsMatch-

Node

supermicrox12stn-h_firmwareMatch-

AND

supermicrox12stn-hMatch-

Node

supermicrox12stn-h-wohs_firmwareMatch-

AND

supermicrox12stn-h-wohsMatch-

Node

supermicrox12stn-l_firmwareMatch-

AND

supermicrox12stn-lMatch-

Node

supermicrox12stn-l-wohs_firmwareMatch-

AND

supermicrox12stn-l-wohsMatch-

Node

supermicrox12stw-f_firmwareMatch-

AND

supermicrox12stw-fMatch-

Node

supermicrox12stw-tf_firmwareMatch-

AND

supermicrox12stw-tfMatch-

Node

supermicroh12ssw-ntr_firmwareMatch-

AND

supermicroh12ssw-ntrMatch-

Node

supermicroh12ssw-ntl_firmwareMatch-

AND

supermicroh12ssw-ntlMatch-

Node

supermicroh12ssw-nt_firmwareMatch-

AND

supermicroh12ssw-ntMatch-

Node

supermicroh12ssw-inr_firmwareMatch-

AND

supermicroh12ssw-inrMatch-

Node

supermicroh12ssw-inl_firmwareMatch-

AND

supermicroh12ssw-inlMatch-

Node

supermicroh12ssw-in_firmwareMatch-

AND

supermicroh12ssw-inMatch-

Node

supermicroh12ssw-an6_firmwareMatch-

AND

supermicroh12ssw-an6Match-

Node

supermicroh12sst-ps_firmwareMatch-

AND

supermicroh12sst-psMatch-

Node

supermicroh12ssl-nt_firmwareMatch-

AND

supermicroh12ssl-ntMatch-

Node

supermicroh12ssl-i_firmwareMatch-

AND

supermicroh12ssl-iMatch-

Node

supermicroh12ssl-ct_firmwareMatch-

AND

supermicroh12ssl-ctMatch-

Node

supermicroh12ssl-c_firmwareMatch-

AND

supermicroh12ssl-cMatch-

Node

supermicroh12ssg-anp6_firmwareMatch-

AND

supermicroh12ssg-anp6Match-

Node

supermicroh12ssg-an6_firmwareMatch-

AND

supermicroh12ssg-an6Match-

Node

supermicroh12ssfr-an6_firmwareMatch-

AND

supermicroh12ssfr-an6Match-

Node

supermicroh12ssff-an6_firmwareMatch-

AND

supermicroh12ssff-an6Match-

Node

supermicroh12dsu-inr_firmwareMatch-

AND

supermicroh12dsu-inrMatch-

Node

supermicroh12dsu-in_firmwareMatch-

AND

supermicroh12dsu-inMatch-

Node

supermicroh12dst-b_firmwareMatch-

AND

supermicroh12dst-bMatch-

Node

supermicroh12dsi-nt6_firmwareMatch-

AND

supermicroh12dsi-nt6Match-

Node

supermicroh12dsi-n6_firmwareMatch-

AND

supermicroh12dsi-n6Match-

Node

supermicroh12dsg-q-cpu6_firmwareMatch-

AND

supermicroh12dsg-q-cpu6Match-

Node

supermicroh12dsg-o-cpu_firmwareMatch-

AND

supermicroh12dsg-o-cpuMatch-

Node

supermicroh12dgq-nt6_firmwareMatch-

AND

supermicroh12dgq-nt6Match-

Node

supermicroh12dgo-6_firmwareMatch-

AND

supermicroh12dgo-6Match-

CPENameOperatorVersion
supermicro:h12dst-b_firmwaresupermicro h12dst-b firmwarelt03.10.35

CPE	Name	Operator	Version
supermicro:h12dst-b_firmware	supermicro h12dst-b firmware	lt	03.10.35

References

blog.freax13.de/cve/cve-2023-35861

www.supermicro.com/en/products/motherboards

www.supermicro.com/en/support/security_SMTP_Jun_2023

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

JSON

Related for CVE-2023-35861

prion1 cvelist1 nvd1