PT-2020-14142 · Supermicro · Supermicro X10DRH-iT
Published 2020-06-24 · Updated 2024-02-14
CVE-2020-15046
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Supermicro X10DRH-iT motherboards with BIOS version 2.0a and IPMI firmware version 03.40
Description
A cross-site request forgery (CSRF) issue in cgi/config_user.cgi, reachable through the web interface, allows remote attackers to add new admin users.
Recommendations
For Supermicro X10DRH-iT motherboards with BIOS version 2.0a and IPMI firmware version 03.40, update the BIOS to version 3.2 and the IPMI firmware to version 03.88.
Exploit
Fix
CSRF
Affected Products
Supermicro X10DRH-iT