Vulnerability CVE-2019-16649


Published: 2019-09-20   Modified: 2019-09-21

Description:
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC.

Type:

CWE-798

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Supermicro -> X9dr7/e-ln4f firmware 
Supermicro -> B9qr7(-tp) firmware 
Supermicro -> X9drh-7/i(t)f firmware 
Supermicro -> X10drd-it firmware 
Supermicro -> X9qri-f+ firmware 
Supermicro -> X10drg-ht firmware 
Supermicro -> X10drl-i firmware 
Supermicro -> X10dru-x firmware 
Supermicro -> X10qbl firmware 
Supermicro -> X10sdv-2c-tp8f firmware 
Supermicro -> X10sl7-f firmware 
Supermicro -> X10sra-f firmware 
Supermicro -> X11dgq firmware 
Supermicro -> X11dpt-l firmware 
Supermicro -> X11sca-w firmware 
Supermicro -> X11spa-t firmware 
Supermicro -> A1sa2-2750f firmware 
Supermicro -> X11ssd-f firmware 
Supermicro -> B10drg-ibf firmware 
Supermicro -> X11ssm firmware 
Supermicro -> B1sd2-tf firmware 
Supermicro -> X9dr7/e-tf+ firmware 
Supermicro -> M11sdv-4c-ln4f firmware 
Supermicro -> X9drh-if-nv firmware 
Supermicro -> X10drd-itp firmware 
Supermicro -> X9qri-f firmware 
Supermicro -> X10drg-o+-cpu firmware 
Supermicro -> X10drl-it firmware 
Supermicro -> X10dru-xll firmware 
Supermicro -> X10qrh+ firmware 
Supermicro -> X10sdv-4c+-tln4f firmware 
Supermicro -> X10sla-f firmware 
Supermicro -> X10sra firmware 
Supermicro -> X11dpff-sn firmware 
Supermicro -> X11dpt-ps firmware 
Supermicro -> X11sca firmware 
Supermicro -> X11spa-tf firmware 
Supermicro -> A1sai-2550f firmware 
Supermicro -> X11sse-f firmware 
Supermicro -> B10drg-tp firmware 
Supermicro -> X11ssw-4tf firmware 
Supermicro -> B2ss1-cf firmware 
Supermicro -> X9drd-7ln4f series firmware 
Supermicro -> M11sdv-4ct-ln4f firmware 
Supermicro -> X9drl-3/if firmware 
Supermicro -> X10drd-l firmware 
Supermicro -> X9sae(-v) firmware 
Supermicro -> X10drg-ot+-cpu firmware 
Supermicro -> X10drl-ln4 firmware 
Supermicro -> X10drw-e firmware 
Supermicro -> X10sae firmware 
Supermicro -> X10sdv-4c+-tp4f firmware 
Supermicro -> X10sld-f firmware 
Supermicro -> X10srd-f firmware 
Supermicro -> X11dpfr-s firmware 
Supermicro -> X11dpu-v firmware 
Supermicro -> X11scd-f firmware 
Supermicro -> X11spg-tf firmware 
Supermicro -> A1sai-2750f firmware 
Supermicro -> X11ssh-ctf firmware 
Supermicro -> B10dri-n firmware 
Supermicro -> X11ssw-f firmware 
Supermicro -> B2ss1-cpu firmware 
Supermicro -> X9drd-c(n)t+ firmware 
Supermicro -> M11sdv-8c+-ln4f firmware 
Supermicro -> X9drl-7/ef firmware 
Supermicro -> X10drd-lt firmware 
Supermicro -> X9sca(-f) firmware 
Supermicro -> X10drg-q firmware 
Supermicro -> X10drs firmware 
Supermicro -> X10drw-et firmware 
Supermicro -> X10sat firmware 
Supermicro -> X10sdv-4c-7tp4f firmware 
Supermicro -> X10sld-hf firmware 
Supermicro -> X10srg-f firmware 
Supermicro -> X11dpfr-sn firmware 
Supermicro -> X11dpu-x firmware 
Supermicro -> X11sch-f firmware 
Supermicro -> X11sph-nctf firmware 
Supermicro -> A1sam-2550f firmware 
Supermicro -> X11ssh-f firmware 
Supermicro -> B10dri firmware 
Supermicro -> X11ssw-tf firmware 
Supermicro -> B2ss1-f firmware 
Supermicro -> X9drd-ef firmware 
Supermicro -> M11sdv-8c-ln4f firmware 
Supermicro -> X9drt-h series firmware 
Supermicro -> X10drd-ltp firmware 
Supermicro -> X9scd series firmware 
Supermicro -> X10drh-c firmware 
Supermicro -> X10drt-b+ firmware 
Supermicro -> X10drw-i firmware 
Supermicro -> X10sdd-16c-f firmware 
Supermicro -> X10sdv-4c-tln2f firmware 
Supermicro -> X10sle-df firmware 
Supermicro -> X10srh-cf firmware 
Supermicro -> X11dpg-ot-cpu firmware 
Supermicro -> X11dpu-xll firmware 
Supermicro -> X11sch-ln4f firmware 
Supermicro -> X11sph-nctpf firmware 

 References:
https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/
https://github.com/eclypsium/USBAnywhere
https://www.supermicro.com/support/security_BMC_virtual_media.cfm

Copyright 2020, cxsecurity.com

 

Back to Top