PT-2023-25350 · Supermicro · Supermicro Motherboards

Freax13

Publicado

2023-07-31

Atualizado

2023-08-07

CVE-2023-35861

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Supermicro motherboards versions prior to 03.10.35

Description A shell-injection vulnerability in email notifications on Supermicro motherboards allows remote attackers to inject and execute arbitrary commands as root on the BMC.

Recommendations For versions prior to 03.10.35, update to version 03.10.35 or later to resolve the issue. As a temporary workaround, consider disabling email notifications on the BMC until a patch is available. Restrict access to the BMC to minimize the risk of exploitation.

Exploit

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2023-35861

Produtos afetados

Supermicro Motherboards

PT-2023-25350 · Supermicro · Supermicro Motherboards

CVE-2023-35861

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7