CVE-2023-33412

Name of the Vulnerable Software and Affected Versions Supermicro X11 and M11 based devices versions prior to 3.17.02

Description The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation allows remote authenticated users to execute arbitrary commands via a crafted request targeting vulnerable cgi endpoints. This issue is related to insufficient input validation.

Recommendations For versions prior to 3.17.02, update the firmware to version 3.17.02 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable cgi endpoints until a patch is available.