CVE-2023-35861

2023-07-3100:00:00

mitre

www.cve.org

supermicro

motherboard

shell-injection

vulnerability

email notifications

remote attackers

arbitrary commands

root

bmc

9.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.8%

JSON

A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC.

References

blog.freax13.de/cve/cve-2023-35861

www.supermicro.com/en/products/motherboards

www.supermicro.com/en/support/security_SMTP_Jun_2023