CVE-2019-16649

Name of the Vulnerable Software and Affected Versions Supermicro products versions (affected versions not specified)

Description The issue is related to a combination of encryption and authentication problems in the virtual media service of the affected products. This allows attackers to capture BMC credentials and data transferred over virtual media devices. The captured credentials can then be used to connect virtual USB devices to the server managed by the BMC.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.