PT-2019-14739 · Supermicro · Supermicro X10, X11
Published: 2019-09-21 · Updated: 2020-08-24 · CVE-2019-16650
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Supermicro X10 and X11 products (affected versions not specified)
Description
The issue allows a client's access privileges to be transferred to a different client that later has the same socket file descriptor number. An attacker can exploit this by connecting to the virtual media service and then connecting virtual USB devices to the server managed by the BMC.
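The bug class described above, as an added example. This is not Supermicro firmware code: the table layout and every function name are hypothetical, and the two "clients" are local socket pairs created only so that the kernel really does reuse a descriptor number.

```c
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define MAX_FD 1024

/* Hypothetical per-client state, indexed by socket descriptor number. */
static unsigned char authed[MAX_FD];

static int in_range(int fd) { return fd >= 0 && fd < MAX_FD; }
static void mark_authenticated(int fd) { if (in_range(fd)) authed[fd] = 1; }
static int is_authenticated(int fd) { return in_range(fd) && authed[fd]; }

/* Flawed teardown: the socket is closed but its table entry survives. */
static void close_client_flawed(int fd) { close(fd); }

/* Corrected teardown: state is cleared before the number can be reused. */
static void close_client_fixed(int fd)
{
    if (in_range(fd)) authed[fd] = 0;
    close(fd);
}

/* Returns 1 if a second client that never authenticated is treated as
 * authenticated, 0 if not, -1 if the sockets could not be created. */
int second_client_inherits_auth(int use_fixed_teardown)
{
    int a[2], b[2], inherited;

    memset(authed, 0, sizeof authed);
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, a) != 0) return -1;
    mark_authenticated(a[0]);                 /* client 1 logs in */
    if (use_fixed_teardown) close_client_fixed(a[0]);
    else close_client_flawed(a[0]);
    close(a[1]);

    /* Client 2 connects. The kernel hands out the lowest free descriptor
     * numbers, so one of these reuses client 1's number. */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, b) != 0) return -1;
    inherited = is_authenticated(b[0]) || is_authenticated(b[1]);
    close(b[0]);
    close(b[1]);
    return inherited;
}
```

Clearing the entry on close is the minimal correction; resetting the slot when a connection is accepted, or keying the state on a per-connection object instead of the descriptor number, removes the dependency on teardown ordering.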
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Supermicro X10
Supermicro X11