Vulnerabilities in Supermicro BMC IPMI firmware (CVE-2023-40289, CVE-2023-40284, CVE-2023-40287, CVE-2023-40288, CVE-2023-40290, CVE-2023-40285, CVE-2023-40286)
22656
07 October 2023
07 October 2023
CLOSED
LOW
CVE-2023-40289,CVE-2023-40284, CVE-2023-40287, CVE-2023-40288, CVE-2023-40290, CVE-2023-40285, CVE-2023-40286
Brocade Security Advisory ID |
BSA-2023-2418 |
Component |
Supermicro BMC IPMI firmware |
|
|
Summary
The Binarly research team has discovered multiple vulnerabilities in the Supermicro IPMI firmware component developed by ATEN. Vulnerabilities can be exploited by unauthenticated, remote attackers and could result in obtaining the root of the BMC system.
CVE ID | Severity** | Issue Type | Description** |
---|---|---|---|
High | Command Injection attack |
An attacker needs to be logged into BMC with administrator privileges to exploit the vulnerability. An unvalidated input value could allow the attacker to perform command injection. Supermicro CVSSv3 score: 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) |
|
High | XSS attack |
An attacker could send a phishing link that does not require login, tricking BMC administrators to click on that link while they are still logged in and thus authenticated by BMC Web UI. Supermicro CVSSv3 score: 8.3 (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) |
|
High | XSS attack |
An attacker could send a phishing link that does not require login, tricking BMC administrators to click on that link while they are still logged in and thus authenticated by BMC Web UI. This vulnerability can only be exploited using Windows IE11 browser. Supermicro CVSSv3 score: 8.3 (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) |
|
High | XSS attack |
An attacker could send a phishing link that does not require login, tricking BMC administrators to click on that link while they are still logged in and thus authenticated by BMC Web UI. The attacker poisons the administrator’s browser cookies to create a new user. Supermicro CVSSv3 score: 8.3 (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) |
More information is at: https://www.supermicro.com/en/support/security_BMC_IPMI_Oct_2023
Products Under Investigation
No Brocade Fibre Channel Product from Broadcom Products is known to be affected by these vulnerabilities.
Revision History
Version |
Change |
Date |
1.0 |
Initial Publication |
October 6, 2023 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.