PT-2023-5857 · Supermicro · Supermicro X11SAE-F +1
Published: 2023-08-17 · Updated: 2024-12-06
CVE-2023-40285
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Supermicro X11SSM-F version 1.66
Supermicro X11SAE-F version 1.66
Supermicro X11SSE-F version 1.66
Description
A cross-site scripting (XSS) issue exists in the web interface of Supermicro X11 series BMC IPMI servers, caused by inadequate protection of the web page structure. An attacker can exploit this issue to execute arbitrary code.
Recommendations
For Supermicro X11SSM-F version 1.66, update the firmware to a version that addresses the XSS issue.
For Supermicro X11SAE-F version 1.66, update the firmware to a version that addresses the XSS issue.
For Supermicro X11SSE-F version 1.66, update the firmware to a version that addresses the XSS issue.
As a temporary workaround, consider restricting access to the web interface of the affected devices until a patch is available.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Supermicro X11SAE-F
Supermicro X11SSE-F