Supermicro Devices Vulnerable to Command Injection Attacks
CVE-2023-40289

Currently unrated

Key Information:

Vendor: Supermicro
Status: X11ssm-f Firmware
Vendor: CVE Published:; 27 March 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-40289?

A command injection vulnerability has been identified in the Supermicro X11 series products, specifically impacting the X11SSM-F, X11SAE-F, and X11SSE-F devices running firmware version 1.66. This vulnerability can be exploited by an attacker who possesses BMC administrative privileges, enabling them to escalate their privileges and potentially compromise the integrity of the system. Users are advised to apply necessary patches and implement robust security measures to mitigate potential risks associated with this issue.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-40289
Created by s-hamann

References

https://www.supermicro.com/en/support/security_center#%21...

https://www.supermicro.com/en/support/security_BMC_IPMI_O...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Sep 30, 2025
👾
Exploit known to exist
Sep 30, 2025
Vulnerability published
Mar 27, 2024
Vulnerability Reserved
Aug 14, 2023

JSON