Supermicro BMC Firmware Vulnerability Could Lead to Remote Code Execution
CVE-2024-36435
Key Information:
- Vendor: Supermicro
- CVE Published: 11 July 2024
What is CVE-2024-36435?
The Supermicro BMC firmware vulnerability, CVE-2024-36435, affects select X11, X12, H12, B12, X13, H13, and B13 motherboards, as well as CMM6 modules. It allows an unauthenticated user to trigger a stack buffer overflow, potentially leading to arbitrary remote code execution on a BMC. This vulnerability has not been exploited in the wild, and there is no specific mention of ransomware groups targeting it. However, the potential impact of remote code execution underscores the importance of addressing the issue promptly through firmware updates.
EPSS Score
12% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- First article discovered by BaseFortify
- Vulnerability published
