PT-2023-5859 · Supermicro · Supermicro X11Sae-F+2

Published: 2023-08-17 · Updated: 2025-06-18 · CVE-2023-40289

CVSS v2.0: 8.3 (High)

Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Supermicro X11SSM-F, X11SAE-F, and X11SSE-F version 1.66; Supermicro BMC versions 8.3 through 9.6

Description: A command injection issue was discovered that allows an attacker who already holds BMC administrative privileges to elevate privileges further. The issue stems from insufficient checking of arguments passed to a command; an attacker can exploit this to execute arbitrary commands. The issue affects Supermicro BMC servers, specifically the X11 series, and has a critical rating.

Recommendations: For Supermicro X11SSM-F, X11SAE-F, and X11SSE-F version 1.66, consider disabling administrative privileges for BMC users until a patch is available. For Supermicro BMC versions 8.3 through 9.6, restrict access to the BMC interface to minimize the risk of exploitation. As a temporary workaround, consider disabling the command injection functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Command Injection
Improper Privilege Management

Related Identifiers

BDU:2023-06546
CVE-2023-40289

Affected Products

Supermicro Bmc
Supermicro X11Sae-F
Supermicro X11Sse-F