Binarly Inc

**Name of the Vulnerable Software and Affected Versions** Supermicro BMC firmware on Supermicro MBD-X12STW-F (affected versions not specified) **Description** An issue exists in the firmware validation logic of Supermicro BMC firmware. An attacker can potentially update the system firmware using a specially crafted image. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Supermicro BMC firmware versions (affected versions not specified) **Description** The Supermicro BMC firmware contains a flaw in its validation logic. An attacker can exploit this to update the system firmware with a specially crafted image. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Supermicro BMC firmware versions (affected versions not specified) **Description** An issue exists in the Supermicro BMC firmware validation logic on Supermicro MBD-X12STW. An attacker can update the system firmware with a specially crafted image. Exploitation of this issue may allow a remote attacker to install and execute a malformed BMC firmware update image, potentially creating persistent backdoors. The vulnerability relates to errors in the cryptographic signature verification process within the BMC web interface. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Supermicro BMC firmware versions (affected versions not specified) **Description** The Supermicro BMC firmware contains a flaw in its firmware validation logic. This allows an attacker to update the system firmware with a specially crafted image, potentially enabling “bring your own vulnerable firmware image” (BYOVD) style persistence. The vulnerability resides in the BMC firmware signature validation logic. The issue affects Supermicro MBD-X13SEM-F. The vulnerability allows remote attackers to update the system firmware. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.