Podatność CVE-2019-16649


Publikacja: 2019-09-20   Modyfikacja: 2019-09-21

Opis:
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC.

Typ:

CWE-798

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
5/10
2.9/10
10/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Niska
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Częściowy
Brak
Brak
Affected software
Supermicro -> X10sra-f firmware 
Supermicro -> X11dgq firmware 
Supermicro -> X11dpt-l firmware 
Supermicro -> X11sca-w firmware 
Supermicro -> X11spa-t firmware 
Supermicro -> A1sa2-2750f firmware 
Supermicro -> X11ssd-f firmware 
Supermicro -> B10drg-ibf firmware 
Supermicro -> X11ssm firmware 
Supermicro -> B1sd2-tf firmware 
Supermicro -> X9dr7/e-ln4f firmware 
Supermicro -> B9qr7(-tp) firmware 
Supermicro -> X9drh-7/i(t)f firmware 
Supermicro -> X10drd-it firmware 
Supermicro -> X9qri-f+ firmware 
Supermicro -> X10drg-ht firmware 
Supermicro -> X10drl-i firmware 
Supermicro -> X10dru-x firmware 
Supermicro -> X10qbl firmware 
Supermicro -> X10sdv-2c-tp8f firmware 
Supermicro -> X10sl7-f firmware 
Supermicro -> X10sra firmware 
Supermicro -> X11dpff-sn firmware 
Supermicro -> X11dpt-ps firmware 
Supermicro -> X11sca firmware 
Supermicro -> X11spa-tf firmware 
Supermicro -> A1sai-2550f firmware 
Supermicro -> X11sse-f firmware 
Supermicro -> B10drg-tp firmware 
Supermicro -> X11ssw-4tf firmware 
Supermicro -> B2ss1-cf firmware 
Supermicro -> X9dr7/e-tf+ firmware 
Supermicro -> M11sdv-4c-ln4f firmware 
Supermicro -> X9drh-if-nv firmware 
Supermicro -> X10drd-itp firmware 
Supermicro -> X9qri-f firmware 
Supermicro -> X10drg-o+-cpu firmware 
Supermicro -> X10drl-it firmware 
Supermicro -> X10dru-xll firmware 
Supermicro -> X10qrh+ firmware 
Supermicro -> X10sdv-4c+-tln4f firmware 
Supermicro -> X10sla-f firmware 
Supermicro -> X10srd-f firmware 
Supermicro -> X11dpfr-s firmware 
Supermicro -> X11dpu-v firmware 
Supermicro -> X11scd-f firmware 
Supermicro -> X11spg-tf firmware 
Supermicro -> A1sai-2750f firmware 
Supermicro -> X11ssh-ctf firmware 
Supermicro -> B10dri-n firmware 
Supermicro -> X11ssw-f firmware 
Supermicro -> B2ss1-cpu firmware 
Supermicro -> X9drd-7ln4f series firmware 
Supermicro -> M11sdv-4ct-ln4f firmware 
Supermicro -> X9drl-3/if firmware 
Supermicro -> X10drd-l firmware 
Supermicro -> X9sae(-v) firmware 
Supermicro -> X10drg-ot+-cpu firmware 
Supermicro -> X10drl-ln4 firmware 
Supermicro -> X10drw-e firmware 
Supermicro -> X10sae firmware 
Supermicro -> X10sdv-4c+-tp4f firmware 
Supermicro -> X10sld-f firmware 
Supermicro -> X10srg-f firmware 
Supermicro -> X11dpfr-sn firmware 
Supermicro -> X11dpu-x firmware 
Supermicro -> X11sch-f firmware 
Supermicro -> X11sph-nctf firmware 
Supermicro -> A1sam-2550f firmware 
Supermicro -> X11ssh-f firmware 
Supermicro -> B10dri firmware 
Supermicro -> X11ssw-tf firmware 
Supermicro -> B2ss1-f firmware 
Supermicro -> X9drd-c(n)t+ firmware 
Supermicro -> M11sdv-8c+-ln4f firmware 
Supermicro -> X9drl-7/ef firmware 
Supermicro -> X10drd-lt firmware 
Supermicro -> X9sca(-f) firmware 
Supermicro -> X10drg-q firmware 
Supermicro -> X10drs firmware 
Supermicro -> X10drw-et firmware 
Supermicro -> X10sat firmware 
Supermicro -> X10sdv-4c-7tp4f firmware 
Supermicro -> X10sld-hf firmware 
Supermicro -> X10srh-cf firmware 
Supermicro -> X11dpg-ot-cpu firmware 
Supermicro -> X11dpu-xll firmware 
Supermicro -> X11sch-ln4f firmware 
Supermicro -> X11sph-nctpf firmware 
Supermicro -> A1sam-2750f firmware 
Supermicro -> X11ssh-gf-1585 firmware 
Supermicro -> B10drt-ibf2 firmware 
Supermicro -> X9da7/e firmware 
Supermicro -> B2ss1-h-mtf firmware 
Supermicro -> X9drd-ef firmware 
Supermicro -> M11sdv-8c-ln4f firmware 
Supermicro -> X9drt-h series firmware 
Supermicro -> X10drd-ltp firmware 
Supermicro -> X9scd series firmware 
Supermicro -> X10drh-c firmware 

 Referencje:
https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/
https://github.com/eclypsium/USBAnywhere
https://www.supermicro.com/support/security_BMC_virtual_media.cfm

Copyright 2020, cxsecurity.com

 

Back to Top