Code injection

2019-09-2102:15:00

PRIOn knowledge base

www.prio-n.com

9.4 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.9%

JSON

On Supermicro X10 and X11 products, a client’s access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC.

CPENameOperatorVersion
a1sa2-2750f_firmwareeq3.83
a1sai-2550f_firmwareeq3.83
a1sai-2750f_firmwareeq3.83
a1sam-2550f_firmwareeq3.83
a1sam-2750f_firmwareeq3.83
a1sri-2358f_firmwareeq3.83
a1sri-2558f_firmwareeq3.83
a1sri-2758f_firmwareeq3.83
a1srm-2558f_firmwareeq3.83
a1srm-2758f_firmwareeq3.83

Name	Operator	Version
a1sa2-2750f_firmware	eq	3.83
a1sai-2550f_firmware	eq	3.83
a1sai-2750f_firmware	eq	3.83
a1sam-2550f_firmware	eq	3.83
a1sam-2750f_firmware	eq	3.83
a1sri-2358f_firmware	eq	3.83
a1sri-2558f_firmware	eq	3.83
a1sri-2758f_firmware	eq	3.83
a1srm-2558f_firmware	eq	3.83
a1srm-2758f_firmware	eq	3.83