Directory Traversal Vulnerability in Supermicro Baseboard Management Controller
CVE-2023-33411

7.5 HIGH

Key Information:

Vendor: Supermicro
CVE Published: 7 December 2023

What is CVE-2023-33411?

A directory traversal vulnerability in the web server component of Supermicro's Intelligent Platform Management Interface (IPMI) implementation on X11 and M11 devices allows remote unauthenticated users to access restricted files. The flaw can expose sensitive information and poses a significant security risk to systems running vulnerable firmware versions up to 3.17.02. Organizations using affected Supermicro devices should review their security posture and apply the updates detailed by the vendor.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
