Shell Injection Vulnerability in Supermicro Motherboards
CVE-2023-35861

9.8CRITICAL

Key Information:

Vendor: Supermicro
Status: H12dst-b Firmware
Vendor: CVE Published:; 31 July 2023

What is CVE-2023-35861?

A shell injection vulnerability in email notification functionality on Supermicro motherboards, specifically the H12DST-B version prior to 03.10.35, enables remote attackers to execute arbitrary commands with root privileges on the Baseboard Management Controller (BMC). This vulnerability poses significant risks to system integrity and confidentiality if exploited by unauthorized individuals.

References

https://www.supermicro.com/en/products/motherboards

https://www.supermicro.com/en/support/security_SMTP_Jun_2023

https://blog.freax13.de/cve/cve-2023-35861

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 31, 2023
Vulnerability Reserved
Jun 19, 2023