PT-2023-5856 · Supermicro · Supermicro X11SAE-F, Supermicro X11SSE-F

Published: 2023-08-17 · Updated: 2025-06-18 · CVE-2023-40288

CVSS v3.1: 8.3 (High)
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Supermicro X11SSM-F version 1.66
Supermicro X11SAE-F version 1.66
Supermicro X11SSE-F version 1.66
Description

An issue exists in the web interface of Supermicro X11 series BMC/IPMI servers because the structure of the web page is inadequately protected. A remote attacker can use a specially crafted GET request to conduct a cross-site scripting (XSS) attack, potentially gaining unauthorized access or control.
Recommendations

For Supermicro X11SSM-F version 1.66, consider disabling the web interface until a patch is available.
For Supermicro X11SAE-F version 1.66, restrict access to the BMC/IPMI server to minimize the risk of exploitation.
For Supermicro X11SSE-F version 1.66, avoid using the web interface for sensitive operations until the issue is resolved.
As a temporary workaround, consider implementing additional security measures, such as input validation and sanitization, to prevent XSS attacks.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-06543
CVE-2023-40288

Affected Products

Supermicro X11SAE-F
Supermicro X11SSE-F