Insecure Permissions in Supermicro X11SSL-CF BMC Firmware
CVE-2022-43309

5.5 MEDIUM

Key Information:

Vendor: Supermicro
CVE Published: 7 April 2023

What is CVE-2022-43309?

The Supermicro X11SSL-CF, hardware version 1.01 with BMC firmware version 1.63, has weak permission settings that might allow unauthorized users to access sensitive system components. This vulnerability could lead to unauthorized modifications and increase security risk. Users should apply the recommended patches and updates provided by Supermicro to mitigate potential threats.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
