CVE-2023-33411

Name of the Vulnerable Software and Affected Versions Supermicro X11 and M11 based devices with firmware versions up to 3.17.02

Description A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information. This issue may also allow access to iKVM, enabling the rebooting of the host.

Recommendations For Supermicro X11 and M11 based devices with firmware versions up to 3.17.02, update the firmware to a version later than 3.17.02 to resolve the issue. As a temporary workaround, consider restricting access to the IPMI BMC SSDP/UPnP web server to minimize the risk of exploitation.