CVE-2023-40286

Name of the Vulnerable Software and Affected Versions Supermicro X11 series versions 1.66

Description The issue exists due to the lack of protection for the web page structure in the web interface of Supermicro X11 series BMC IPMI servers. This allows a remote attacker to exploit an XSS issue and potentially execute arbitrary code. An attacker could exploit this issue on affected devices, including Supermicro X11SSM-F, X11SAE-F, and X11SSE-F.

Recommendations For Supermicro X11 series version 1.66, consider disabling the web interface until a patch is available to prevent exploitation of the XSS issue. Restrict access to the web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.