Vulnerabilities for 'A1srm-2558f firmware'

2019-09-20
 
CVE-2019-16650

CWE-269
 

 
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC.

 
 
CVE-2019-16649

CWE-798
 

 
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC.

 



Copyright 2019, cxsecurity.com

 
