CVE-2023-33413

Name of the Vulnerable Software and Affected Versions Supermicro X11 and M11 based devices versions through 3.17.02

Description The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation allows remote authenticated users to execute arbitrary commands. IPMI BMC devices use hardcoded configuration file encryption keys, allowing an attacker to craft and upload a malicious configuration file package to gain remote command execution.

Recommendations For versions through 3.17.02, consider disabling the configuration functionality in the IPMI BMC implementation until a patch is available. Restrict access to the configuration file upload feature to minimize the risk of exploitation. Avoid using the hardcoded configuration file encryption keys in the affected devices until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.