Vulnerability CVE-2019-16650


Published: 2019-09-20   Modified: 2019-09-21

Description:
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC.

Type: CWE-269 (Improper Privilege Management)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score:         7.5/10
Impact Subscore:         6.4/10
Exploitability Subscore: 10/10

Exploit range:        Remote
Attack complexity:    Low
Authentication:       Not required

Confidentiality impact: Partial
Integrity impact:       Partial
Availability impact:    Partial
Affected software
Supermicro -> X11dai-n firmware 
Supermicro -> X11dpl-i firmware 
Supermicro -> X11dsn-tsq firmware 
Supermicro -> X11sdd-8c-f firmware 
Supermicro -> X11sri-if firmware 
Supermicro -> X11ssl-f firmware 
Supermicro -> B10drg-ibf2 firmware 
Supermicro -> B1sd2-16c-tf firmware 
Supermicro -> X10drc-t4+ firmware 
Supermicro -> X10drfr-nt firmware 
Supermicro -> X10dri-t firmware 
Supermicro -> X10drt-pibq firmware 
Supermicro -> X10qbi firmware 
Supermicro -> X10sdv-16c-tln4f firmware 
Supermicro -> X10sdv-8c-tln4f firmware 
Supermicro -> X10slm+-f firmware 
Supermicro -> X11ddw-l firmware 
Supermicro -> X11dps-re firmware 
Supermicro -> X11opi-cpu firmware 
Supermicro -> X11sds-12c firmware 
Supermicro -> X11srl-f firmware 
Supermicro -> A1sa2-2750f firmware 
Supermicro -> X11ssl-nf firmware 
Supermicro -> B10drg-ibf firmware 
Supermicro -> B1sd2-tf firmware 
Supermicro -> X10drd-i firmware 
Supermicro -> X10drfr-t firmware 
Supermicro -> X10dri firmware 
Supermicro -> X10drt-ps firmware 
Supermicro -> X10qbl-4 firmware 
Supermicro -> X10sdv-2c-7tp4f firmware 
Supermicro -> X10sdv-f firmware 
Supermicro -> X10slm+-ln4f firmware 
Supermicro -> X11ddw-nt firmware 
Supermicro -> X11dpt-b firmware 
Supermicro -> X11qph+ firmware 
Supermicro -> X11sds-16c firmware 
Supermicro -> X11srm-f firmware 
Supermicro -> A1sai-2550f firmware 
Supermicro -> X11ssl firmware 
Supermicro -> B10drg-tp firmware 
Supermicro -> B2ss1-cf firmware 
Supermicro -> X10drd-int firmware 
Supermicro -> X10drfr firmware 
Supermicro -> X10drl-c firmware 
Supermicro -> X10drt-pt firmware 
Supermicro -> X10qbl-4ct firmware 
Supermicro -> X10sdv-2c-tln2f firmware 
Supermicro -> X10sdv-tln4f firmware 
Supermicro -> X10slm-f firmware 
Supermicro -> X11dgo-t firmware 
Supermicro -> X11dpt-bh firmware 
Supermicro -> X11sca-f firmware 
Supermicro -> X11sds-8c firmware 
Supermicro -> X11srm-vf firmware 
Supermicro -> A1sai-2750f firmware 
Supermicro -> X11ssm-f firmware 
Supermicro -> B10dri-n firmware 
Supermicro -> B2ss1-cpu firmware 
Supermicro -> X10drd-intp firmware 
Supermicro -> X10drg-h firmware 
Supermicro -> X10drl-ct firmware 
Supermicro -> X10dru-i+ firmware 
Supermicro -> X10qbl-ct firmware 
Supermicro -> X10sdv-2c-tp4f firmware 
Supermicro -> X10sdv-tp8f firmware 
Supermicro -> X10slx-f firmware 
Supermicro -> X11dgq firmware 
Supermicro -> X11dpt-l firmware 
Supermicro -> X11sca-w firmware 
Supermicro -> X11spa-t firmware 
Supermicro -> X11ssd-f firmware 
Supermicro -> A1sam-2550f firmware 
Supermicro -> X11ssm firmware 
Supermicro -> B10dri firmware 
Supermicro -> B2ss1-f firmware 
Supermicro -> X10drd-it firmware 
Supermicro -> X10drg-ht firmware 
Supermicro -> X10drl-i firmware 
Supermicro -> X10dru-x firmware 
Supermicro -> X10qbl firmware 
Supermicro -> X10sdv-2c-tp8f firmware 
Supermicro -> X10sl7-f firmware 
Supermicro -> X10sra-f firmware 
Supermicro -> X11dpff-sn firmware 
Supermicro -> X11dpt-ps firmware 
Supermicro -> X11sca firmware 
Supermicro -> X11spa-tf firmware 
Supermicro -> X11sse-f firmware 
Supermicro -> A1sam-2750f firmware 
Supermicro -> X11ssw-4tf firmware 
Supermicro -> B10drt-ibf2 firmware 
Supermicro -> B2ss1-h-mtf firmware 
Supermicro -> X10drd-itp firmware 
Supermicro -> X10drg-o+-cpu firmware 
Supermicro -> X10drl-it firmware 
Supermicro -> X10dru-xll firmware 
Supermicro -> X10qrh+ firmware 
Supermicro -> X10sdv-4c+-tln4f firmware 
Supermicro -> X10sla-f firmware 

References:
https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/
https://github.com/eclypsium/USBAnywhere
https://www.supermicro.com/support/security_BMC_virtual_media.cfm

Copyright 2024, cxsecurity.com