Vulnerabilities in Supermicro BMC IPMI firmware (CVE-2023-40289, CVE-2023-40284, CVE-2023-40287, CVE-2023-40288, CVE-2023-40290, CVE-2023-40285, CVE-2023-40286)

Brocade Extension Switches

3 more products

22656

07 October 2023

07 October 2023

CLOSED

LOW

CVE-2023-40289,CVE-2023-40284, CVE-2023-40287, CVE-2023-40288, CVE-2023-40290, CVE-2023-40285, CVE-2023-40286

Brocade Security Advisory ID

BSA-2023-2418

Component

Supermicro BMC IPMI firmware

 

 

Summary

The Binarly research team has discovered multiple vulnerabilities in the Supermicro IPMI firmware component developed by ATEN. Vulnerabilities can be exploited by unauthenticated, remote attackers and could result in obtaining the root of the BMC system.

CVE ID Severity** Issue Type Description**
High Command Injection attack

An attacker needs to be logged into BMC with administrator privileges to exploit the vulnerability. An unvalidated input value could allow the attacker to perform command injection.

Supermicro CVSSv3 score: 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

High XSS attack

An attacker could send a phishing link that does not require login, tricking BMC administrators to click on that link while they are still logged in and thus authenticated by BMC Web UI.

Supermicro CVSSv3 score: 8.3 (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

High XSS attack

An attacker could send a phishing link that does not require login, tricking BMC administrators to click on that link while they are still logged in and thus authenticated by BMC Web UI. This vulnerability can only be exploited using Windows IE11 browser.

Supermicro CVSSv3 score: 8.3 (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

High XSS attack

An attacker could send a phishing link that does not require login, tricking BMC administrators to click on that link while they are still logged in and thus authenticated by BMC Web UI. The attacker poisons the administrator’s browser cookies to create a new user.

Supermicro CVSSv3 score: 8.3 (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

 

More information is at: https://www.supermicro.com/en/support/security_BMC_IPMI_Oct_2023

Products Under Investigation

No Brocade Fibre Channel Product from Broadcom Products is known to be affected by these vulnerabilities.

Revision History

Version

Change

Date

1.0

Initial Publication

October 6, 2023

 

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.