PT-2023-20041 · Tyan · Tyan S5552 Bmc

Andrea Palanca · Published 2023-07-05 · Updated 2024-09-30 · CVE-2023-2538

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Tyan S5552 BMC version 3.00

Description

A CWE-552 issue in the web interface allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can be abused to perform Man-in-the-Middle (MitM) attacks against victims accessing the web interface through HTTPS.

Recommendations

For Tyan S5552 BMC version 3.00, consider restricting access to the web interface until a patch is available to prevent exploitation. As a temporary workaround, limit access to the BMC's web interface to minimize the risk of MitM attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Files Accessible to External Parties

Related Identifiers

CVE-2023-2538

Affected Products

Tyan S5552 Bmc