CVE-2023-40290

Name of the Vulnerable Software and Affected Versions Supermicro X11 series versions 1.66

Description The issue exists due to a lack of protection for the web page structure in the web interface of Supermicro X11 series BMC IPMI servers. This allows a remote attacker to conduct a cross-site scripting (XSS) attack using a specially crafted GET request. The vulnerability affects Internet Explorer 11 on Windows, permitting arbitrary JavaScript execution within the logged-in BMC user's context.

Recommendations For Supermicro X11 series version 1.66, consider disabling the web interface or restricting access to it until a patch is available. As a temporary workaround, avoid using Internet Explorer 11 to access the BMC IPMI server. Restrict access to the vulnerable web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.