6 matches found
CVE-2023-33412
The web interface in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targetin...
CVE-2023-33413
The configuration functionality in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands...
CVE-2023-33411
A web server in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive...
Directory traversal
A web server in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive...
PT-2023-24338 · Supermicro · Supermicro X11
Name of the Vulnerable Software and Affected Versions: Supermicro X11 and M11 based devices versions through 3.17.02 Description: The configuration functionality in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation allows remote authenticated...
CVE-2023-33413
The PT-Security entry for CVE-2023-33413 details a flaw in Supermicro IPMI BMC on X11/M11 devices up to firmware 3.17.02. The root cause is hardcoded configuration file encryption keys used by the IPMI BMC config function, enabling remote authenticated users to craft/upload a malicious configurat...