PT-2019-14739 · Supermicro · Supermicro X10+1

Published: 2019-09-21 · Updated: 2020-08-24 · CVE-2019-16650

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Supermicro X10 and X11 products (affected versions not specified)

Description

The issue allows a client's access privileges to be transferred to a different client that later has the same socket file descriptor number. An attacker can exploit this by connecting to the virtual media service and then connecting virtual USB devices to the server managed by the BMC.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
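
The descriptor-reuse condition in the Description, shown as an added illustration that is not Supermicro's code: a service that keeps authentication state indexed by file descriptor number, with a teardown that leaves the entry behind next to one that clears it. The `authed` table, all function names, and the use of pipes in place of accepted sockets are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_FD 1024
/* Hypothetical per-connection state, indexed by descriptor number. */
static bool authed[MAX_FD];

static bool in_range(int fd) { return fd >= 0 && fd < MAX_FD; }
static void mark_authenticated(int fd) { if (in_range(fd)) authed[fd] = true; }
static bool is_authorized(int fd) { return in_range(fd) && authed[fd]; }

/* Flawed teardown: the descriptor is closed but its table entry survives. */
static void close_conn_flawed(int fd) { close(fd); }

/* Corrected teardown: clear the state before the number can be reused. */
static void close_conn_fixed(int fd) {
    if (in_range(fd)) { authed[fd] = false; }
    close(fd);
}

/* Corrected accept path: every new connection starts unauthenticated. */
static void on_accept_fixed(int fd) { if (in_range(fd)) authed[fd] = false; }

/* Client A authenticates and disconnects; client B connects and never
 * authenticates. Pipes stand in for accepted sockets (constructed scenario).
 * Returns 1 if B is treated as authorized, 0 if not, -1 on setup failure. */
static int second_client_authorized(bool fixed) {
    int a[2], b[2];
    memset(authed, 0, sizeof authed);
    if (pipe(a) != 0) return -1;
    mark_authenticated(a[0]);
    if (fixed) close_conn_fixed(a[0]); else close_conn_flawed(a[0]);
    if (pipe(b) != 0) { close(a[1]); return -1; }
    /* POSIX hands out the lowest free number, so b[0] reuses a[0]. */
    if (fixed) on_accept_fixed(b[0]);
    int result = (b[0] == a[0]) ? (int)is_authorized(b[0]) : -1;
    close(a[1]); close(b[0]); close(b[1]);
    return result;
}

int main(void) {
    printf("flawed teardown, client B authorized: %d\n", second_client_authorized(false));
    printf("fixed teardown,  client B authorized: %d\n", second_client_authorized(true));
    return 0;
}
```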

Related identifiers

CVE-2019-16650

Affected products

Supermicro X10
Supermicro X11