CVE-2024-36435

Name of the Vulnerable Software and Affected Versions: Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules) (affected versions not specified)

Description: An issue was discovered in the Supermicro BMC firmware that allows an unauthenticated user to post crafted data to the interface, triggering a stack buffer overflow and potentially leading to arbitrary remote code execution on a BMC. The vulnerability is related to the GetValue function in the web interface of BMC IPMI servers. Exploitation of the vulnerability may allow an attacker to execute arbitrary code using a specially crafted file.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.