Search criteria
13 vulnerabilities
CVE-2026-3820 (GCVE-0-2026-3820)
Vulnerability from cvelistv5 – Published: 2026-06-04 08:07 – Updated: 2026-06-04 12:45
VLAI
Title
Supermicro BMC's SMTP service contains a command injection vulnerability
Summary
There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR.
An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process invocation.
Potential impact includes denial-of-service attacks, arbitrary code execution, or permanent compromise of the controller.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SMCI | AS-2115HS-TNR |
Affected:
01.08.01
Affected: 01.06.04 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3820",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T12:45:45.998787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T12:45:58.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"BMC"
],
"product": "AS-2115HS-TNR",
"vendor": "SMCI",
"versions": [
{
"status": "affected",
"version": "01.08.01"
},
{
"status": "affected",
"version": "01.06.04"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Coreweave Red Team and Hoang Bui from Coreweave"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR.\u0026nbsp;\u003cbr\u003e\u003cspan\u003eAn attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process invocation.\u003c/span\u003e\u003cp\u003ePotential impact includes denial-of-service attacks, arbitrary code execution, or permanent compromise of the controller.\u003c/p\u003e"
}
],
"value": "There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR.\u00a0\nAn attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process invocation.\n\nPotential impact includes denial-of-service attacks, arbitrary code execution, or permanent compromise of the controller."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T08:07:57.608Z",
"orgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"shortName": "Supermicro"
},
"references": [
{
"url": "https://www.supermicro.com/en/support/security_BMC_IPMI_Jun_2026"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Supermicro BMC\u0027s SMTP service contains a command injection vulnerability",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"assignerShortName": "Supermicro",
"cveId": "CVE-2026-3820",
"datePublished": "2026-06-04T08:07:57.608Z",
"dateReserved": "2026-03-09T02:52:12.355Z",
"dateUpdated": "2026-06-04T12:45:58.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12007 (GCVE-0-2025-12007)
Vulnerability from cvelistv5 – Published: 2026-01-16 08:39 – Updated: 2026-02-26 21:39
VLAI
Title
Supermicro BMC firmware update validation bypass
Summary
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image.
Severity
8.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
1 reference
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-12007",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-17T04:55:13.408100Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T21:39:58.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"BMC"
],
"product": "X13SEM-F",
"vendor": "SMCI",
"versions": [
{
"status": "unaffected",
"version": "fixed in 01.06.10"
},
{
"status": "affected",
"version": "01.05.02"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Binarly Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image."
}
],
"value": "There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image."
}
],
"impacts": [
{
"capecId": "CAPEC-473",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-473 Signature Spoofing by Improper Validation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T07:08:50.981Z",
"orgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"shortName": "Supermicro"
},
"references": [
{
"url": "https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2026"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Supermicro BMC firmware update validation bypass",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"assignerShortName": "Supermicro",
"cveId": "CVE-2025-12007",
"datePublished": "2026-01-16T08:39:41.840Z",
"dateReserved": "2025-10-21T06:56:00.287Z",
"dateUpdated": "2026-02-26T21:39:58.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12006 (GCVE-0-2025-12006)
Vulnerability from cvelistv5 – Published: 2026-01-16 08:36 – Updated: 2026-02-26 15:04
VLAI
Title
Supermicro BMC firmware update validation bypass
Summary
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW-F . An attacker can update the system firmware with a specially crafted image.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
1 reference
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12006",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-17T04:55:12.263976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:03.326Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"BMC"
],
"product": "X12STW-F",
"vendor": "SMCI",
"versions": [
{
"status": "unaffected",
"version": "fixed in 01.08.08",
"versionType": "BMC"
},
{
"status": "affected",
"version": "01.07.09",
"versionType": "BMC"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Binarly Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW-F . An attacker can update the system firmware with a specially crafted image."
}
],
"value": "There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW-F . An attacker can update the system firmware with a specially crafted image."
}
],
"impacts": [
{
"capecId": "CAPEC-473",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-473 Signature Spoofing by Improper Validation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T07:42:47.154Z",
"orgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"shortName": "Supermicro"
},
"references": [
{
"url": "https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2026"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Supermicro BMC firmware update validation bypass",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"assignerShortName": "Supermicro",
"cveId": "CVE-2025-12006",
"datePublished": "2026-01-16T08:36:33.739Z",
"dateReserved": "2025-10-21T06:55:56.279Z",
"dateUpdated": "2026-02-26T15:04:03.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8727 (GCVE-0-2025-8727)
Vulnerability from cvelistv5 – Published: 2025-11-18 07:52 – Updated: 2026-02-26 16:56
VLAI
Title
A stack buffer overflow vulnerability exists in the Supermicro BMC Web function(SSL).
Summary
There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the Stack buffer overflow vulnerability.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8727",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T04:55:25.585194Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:56:46.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"BMC"
],
"product": "X13SEDW-F",
"vendor": "SMCI",
"versions": [
{
"status": "affected",
"version": "01.03.48"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Coreweave Red Team and Hoang Bui from Coreweave"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the Stack buffer overflow vulnerability.\u003c/span\u003e"
}
],
"value": "There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the Stack buffer overflow vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T07:52:09.494Z",
"orgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"shortName": "Supermicro"
},
"references": [
{
"url": "https://www.supermicro.com/zh_tw/support/security_BMC_IPMI_Nov_2025"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A stack buffer overflow vulnerability exists in the Supermicro BMC Web function(SSL).",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"assignerShortName": "Supermicro",
"cveId": "CVE-2025-8727",
"datePublished": "2025-11-18T07:52:09.494Z",
"dateReserved": "2025-08-08T06:19:23.996Z",
"dateUpdated": "2026-02-26T16:56:46.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8404 (GCVE-0-2025-8404)
Vulnerability from cvelistv5 – Published: 2025-11-18 07:43 – Updated: 2025-11-19 16:49
VLAI
Title
Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library
Summary
Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library. An authenticated attacker with access to the BMC exploit stack buffer via a crafted header and achieve arbitrary code execution of the BMC’s firmware operating system.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SMCI | MBD-X13SEDW-F |
Affected:
01.03.48
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T15:03:01.602502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T16:49:08.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"BMC"
],
"product": "MBD-X13SEDW-F",
"vendor": "SMCI",
"versions": [
{
"status": "affected",
"version": "01.03.48"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Coreweave Red Team and Hoang Bui from Coreweave"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eStack buffer overflow vulnerability exists in the Supermicro BMC Shared library. An authenticated attacker with access to the BMC exploit stack buffer via a crafted\u0026nbsp; header and achieve arbitrary code execution of the BMC\u2019s firmware operating system.\u003c/span\u003e"
}
],
"value": "Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library. An authenticated attacker with access to the BMC exploit stack buffer via a crafted\u00a0 header and achieve arbitrary code execution of the BMC\u2019s firmware operating system."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T07:43:15.191Z",
"orgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"shortName": "Supermicro"
},
"references": [
{
"url": "https://www.supermicro.com/zh_tw/support/security_BMC_IPMI_Nov_2025"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"assignerShortName": "Supermicro",
"cveId": "CVE-2025-8404",
"datePublished": "2025-11-18T07:43:15.191Z",
"dateReserved": "2025-07-31T03:32:10.733Z",
"dateUpdated": "2025-11-19T16:49:08.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8076 (GCVE-0-2025-8076)
Vulnerability from cvelistv5 – Published: 2025-11-18 07:16 – Updated: 2026-02-26 16:56
VLAI
Title
A stack buffer overflow vulnerability exists in the Supermicro BMC Web function
Summary
There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the Stack buffer overflow vulnerability.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SMCI | MBD-X13SEDW-F |
Affected:
01.03.48
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8076",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T04:55:26.217727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:56:46.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"BMC"
],
"product": "MBD-X13SEDW-F",
"vendor": "SMCI",
"versions": [
{
"status": "affected",
"version": "01.03.48"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Coreweave Red Team and Hoang Bui from Coreweave"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the Stack buffer overflow vulnerability.\u003c/span\u003e"
}
],
"value": "There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the Stack buffer overflow vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T07:16:57.968Z",
"orgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"shortName": "Supermicro"
},
"references": [
{
"url": "https://www.supermicro.com/zh_tw/support/security_BMC_IPMI_Nov_2025"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A stack buffer overflow vulnerability exists in the Supermicro BMC Web function",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"assignerShortName": "Supermicro",
"cveId": "CVE-2025-8076",
"datePublished": "2025-11-18T07:16:57.968Z",
"dateReserved": "2025-07-23T07:54:45.632Z",
"dateUpdated": "2026-02-26T16:56:46.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7623 (GCVE-0-2025-7623)
Vulnerability from cvelistv5 – Published: 2025-11-18 07:05 – Updated: 2025-11-18 16:15
VLAI
Title
Supermicro BMC SMASH services has a Stack-based buffer overflow vulnerability
Summary
Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware operating system
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SMCI | MBD-X13SEDW-F |
Affected:
01.04.11
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7623",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T16:15:27.602113Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T16:15:33.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"BMC"
],
"product": "MBD-X13SEDW-F",
"vendor": "SMCI",
"versions": [
{
"status": "affected",
"version": "01.04.11"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Coreweave Red Team and Hoang Bui from Coreweave"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eStack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware operating system\u003c/span\u003e"
}
],
"value": "Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware operating system"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T07:59:14.817Z",
"orgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"shortName": "Supermicro"
},
"references": [
{
"url": "https://www.supermicro.com/zh_tw/support/security_BMC_IPMI_Nov_2025"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Supermicro BMC SMASH services has a Stack-based buffer overflow vulnerability",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"assignerShortName": "Supermicro",
"cveId": "CVE-2025-7623",
"datePublished": "2025-11-18T07:05:21.640Z",
"dateReserved": "2025-07-14T06:39:34.861Z",
"dateUpdated": "2025-11-18T16:15:33.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7704 (GCVE-0-2025-7704)
Vulnerability from cvelistv5 – Published: 2025-11-13 09:12 – Updated: 2025-11-13 18:12
VLAI
Title
Supermicro BMC SMASH services has a Stack-based buffer overflow vulnerability
Summary
Supermicro BMC Insyde SMASH shell program has a stacked-based overflow vulnerability
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SMCI | SYS-111C-NR |
Affected:
1.04.11
(BMC)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T18:11:57.836549Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T18:12:05.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"BMC"
],
"product": "SYS-111C-NR",
"vendor": "SMCI",
"versions": [
{
"status": "affected",
"version": "1.04.11",
"versionType": "BMC"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nils Heuer, Benedikt Heck, Benedict Schl\u00fcter and Shweta Shinde of ETH Zurich"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSupermicro BMC Insyde SMASH shell program has a stacked-based overflow vulnerability\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Supermicro BMC Insyde SMASH shell program has a stacked-based overflow vulnerability"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T09:15:53.620Z",
"orgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"shortName": "Supermicro"
},
"references": [
{
"url": "https://www.supermicro.com/en/support/security_BMC_IPMI_Oct_2025"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Supermicro BMC SMASH services has a Stack-based buffer overflow vulnerability",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"assignerShortName": "Supermicro",
"cveId": "CVE-2025-7704",
"datePublished": "2025-11-13T09:12:11.508Z",
"dateReserved": "2025-07-16T10:01:00.898Z",
"dateUpdated": "2025-11-13T18:12:05.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7937 (GCVE-0-2025-7937)
Vulnerability from cvelistv5 – Published: 2025-09-19 02:09 – Updated: 2026-02-26 17:48
VLAI
Title
Supermicro BMC firmware update validation bypass
Summary
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW . An attacker can update the system firmware with a specially crafted image.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SMCI | MBD-X12STW |
Affected:
01.06.17
|
Date Public
2025-09-16 16:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7937",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-20T03:55:39.812021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:24.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"BMC"
],
"product": "MBD-X12STW",
"vendor": "SMCI",
"versions": [
{
"status": "affected",
"version": "01.06.17"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Binarly Inc."
}
],
"datePublic": "2025-09-16T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW . An attacker can update the system firmware with a specially crafted image.\u003c/span\u003e"
}
],
"value": "There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW . An attacker can update the system firmware with a specially crafted image."
}
],
"impacts": [
{
"capecId": "CAPEC-473",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-473 Signature Spoofing by Improper Validation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T09:17:12.107Z",
"orgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"shortName": "Supermicro"
},
"references": [
{
"url": "https://www.supermicro.com/en/support/security_BMC_IPMI_Sept_2025"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Supermicro BMC firmware update validation bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"assignerShortName": "Supermicro",
"cveId": "CVE-2025-7937",
"datePublished": "2025-09-19T02:09:33.323Z",
"dateReserved": "2025-07-21T06:46:51.613Z",
"dateUpdated": "2026-02-26T17:48:24.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6198 (GCVE-0-2025-6198)
Vulnerability from cvelistv5 – Published: 2025-09-19 01:45 – Updated: 2026-02-26 17:48
VLAI
Title
Supermicro BMC firmware update validation bypass
Summary
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
1 reference
Date Public
2025-09-16 16:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-20T03:55:40.580200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:24.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"BMC"
],
"product": "X13SEM-F",
"vendor": "SMCI",
"versions": [
{
"status": "affected",
"version": "01.03.47",
"versionType": "BMC"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Binarly Inc."
}
],
"datePublic": "2025-09-16T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image.\u003c/span\u003e"
}
],
"value": "There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image."
}
],
"impacts": [
{
"capecId": "CAPEC-473",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-473 Signature Spoofing by Improper Validation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T09:15:44.032Z",
"orgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"shortName": "Supermicro"
},
"references": [
{
"url": "https://www.supermicro.com/en/support/security_BMC_IPMI_Sept_2025"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Supermicro BMC firmware update validation bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"assignerShortName": "Supermicro",
"cveId": "CVE-2025-6198",
"datePublished": "2025-09-19T01:45:39.133Z",
"dateReserved": "2025-06-17T08:24:37.493Z",
"dateUpdated": "2026-02-26T17:48:24.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-10239 (GCVE-0-2024-10239)
Vulnerability from cvelistv5 – Published: 2025-02-04 08:02 – Updated: 2025-02-04 14:25
VLAI
Title
fld->used_bytes without sanity check causes stack overflow
Summary
A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6 . An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat->fsd.max_fld.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SMCI | MBD-X12DPG-OA6 |
Affected:
1.04.16
(BMC)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T14:25:08.579433Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T14:25:28.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"BMC"
],
"product": "MBD-X12DPG-OA6",
"vendor": "SMCI",
"versions": [
{
"status": "affected",
"version": "1.04.16",
"versionType": "BMC"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA security issue in the firmware image verification implementation at Supermicro\u0026nbsp;MBD-X12DPG-OA6\u0026nbsp;. An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat-\u0026gt;fsd.max_fld.\u003c/span\u003e"
}
],
"value": "A security issue in the firmware image verification implementation at Supermicro\u00a0MBD-X12DPG-OA6\u00a0. An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat-\u003efsd.max_fld."
}
],
"impacts": [
{
"capecId": "CAPEC-112",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-112: Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T08:02:02.414Z",
"orgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"shortName": "Supermicro"
},
"references": [
{
"url": "https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "fld-\u003eused_bytes without sanity check causes stack overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"assignerShortName": "Supermicro",
"cveId": "CVE-2024-10239",
"datePublished": "2025-02-04T08:02:02.414Z",
"dateReserved": "2024-10-22T03:14:25.875Z",
"dateUpdated": "2025-02-04T14:25:28.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10238 (GCVE-0-2024-10238)
Vulnerability from cvelistv5 – Published: 2025-02-04 08:00 – Updated: 2025-02-04 14:33
VLAI
Title
fld->used_bytes without sanity check causes stack overflow
Summary
A security issue in the firmware image verification implementation
at Supermicro MBD-X12DPG-OA6. An attacker can upload a specially crafted image that will cause a stack overflow is caused by not checking fld->used_bytes.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SMCI | MBD-X12DPG-OA6 |
Affected:
1.04.16
(BMC)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10238",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T14:33:06.944209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T14:33:16.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"BMC"
],
"product": "MBD-X12DPG-OA6",
"vendor": "SMCI",
"versions": [
{
"status": "affected",
"version": "1.04.16",
"versionType": "BMC"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA security issue in the firmware image verification implementation \n\n at Supermicro MBD-X12DPG-OA6. An attacker can upload a specially crafted image that will cause a stack overflow is caused by not checking fld-\u0026gt;used_bytes.\u003c/span\u003e"
}
],
"value": "A security issue in the firmware image verification implementation \n\n at Supermicro MBD-X12DPG-OA6. An attacker can upload a specially crafted image that will cause a stack overflow is caused by not checking fld-\u003eused_bytes."
}
],
"impacts": [
{
"capecId": "CAPEC-112",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-112: Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T08:00:51.373Z",
"orgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"shortName": "Supermicro"
},
"references": [
{
"url": "https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "fld-\u003eused_bytes without sanity check causes stack overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"assignerShortName": "Supermicro",
"cveId": "CVE-2024-10238",
"datePublished": "2025-02-04T08:00:51.373Z",
"dateReserved": "2024-10-22T03:14:23.997Z",
"dateUpdated": "2025-02-04T14:33:16.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10237 (GCVE-0-2024-10237)
Vulnerability from cvelistv5 – Published: 2025-02-04 07:59 – Updated: 2025-02-04 14:38
VLAI
Title
SMC BMC Firmware Image Authentication Design Issue
Summary
There is a vulnerability in the BMC firmware image authentication design
at Supermicro MBD-X12DPG-OA6
. An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SMCI | MBD-X12DPG-OA6 |
Affected:
1.04.16
(BMC)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10237",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T14:38:05.372240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T14:38:14.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"BMC"
],
"product": "MBD-X12DPG-OA6",
"vendor": "SMCI",
"versions": [
{
"status": "affected",
"version": "1.04.16",
"versionType": "BMC"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a vulnerability in the BMC firmware image authentication design \n\n at Supermicro MBD-X12DPG-OA6\n\n. An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process\u003c/span\u003e"
}
],
"value": "There is a vulnerability in the BMC firmware image authentication design \n\n at Supermicro MBD-X12DPG-OA6\n\n. An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process"
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137: Parameter Injection"
}
]
},
{
"capecId": "CAPEC-166",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-166: Forced Rewriting"
}
]
},
{
"capecId": "CAPEC-192",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-192: Manipulation of Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T07:59:26.354Z",
"orgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"shortName": "Supermicro"
},
"references": [
{
"url": "https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SMC BMC Firmware Image Authentication Design Issue",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "def9a96e-e099-41a9-bfac-30fd4f82c411",
"assignerShortName": "Supermicro",
"cveId": "CVE-2024-10237",
"datePublished": "2025-02-04T07:59:26.354Z",
"dateReserved": "2024-10-22T03:14:14.274Z",
"dateUpdated": "2025-02-04T14:38:14.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}