Buffer Overflow in Supermicro Motherboard X12DPG-QR Affects Security
CVE-2023-34853

7.8HIGH

Key Information:

Vendor: Supermicro
Status: X12dai-n6 Firmware
Vendor: CVE Published:; 22 August 2023

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-34853?

A buffer overflow vulnerability in the Supermicro X12DPG-QR motherboard version 1.4b allows local attackers to manipulate the SmcSecurityEraseSetupVar variable. By exploiting this flaw, attackers may hijack the control flow of the device, potentially leading to unauthorized access or execution of malicious code. It is crucial for users to apply security updates and monitor affected systems to mitigate potential risks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-34853
Created by risuxx

References

https://www.supermicro.com/Bios/softfiles/17136/X12DPG-QR...

https://www.supermicro.com/en/support/security_BIOS_Aug_2023

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2023
🟡
Public PoC available
Aug 16, 2023
👾
Exploit known to exist
Aug 16, 2023
Vulnerability Reserved
Jun 7, 2023