PT-2019-14737 · Supermicro · Supermicro

Published

2019-09-21

Updated

2020-08-24

CVE-2019-16649

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Supermicro products versions (affected versions not specified)

Description The issue is related to a combination of encryption and authentication problems in the virtual media service of the affected products. This allows attackers to capture BMC credentials and data transferred over virtual media devices. The captured credentials can then be used to connect virtual USB devices to the server managed by the BMC.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficiently Protected Credentials

Inadequate Encryption Strength

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522CWE-326CWE-287

Related Identifiers

CVE-2019-16649

Affected Products

Supermicro

PT-2019-14737 · Supermicro · Supermicro

CVE-2019-16649

Weakness Enumeration

Related Identifiers

Affected Products

References · 5