Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-35861

A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC.

Published

2023-07-31T13:15:09.833

Last Modified

2024-11-21T08:08:51.000

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	supermicro	h12dst-b_firmware	< 03.10.35	Yes
Hardware	supermicro	h12dst-b	-	No
Operating System	supermicro	x13dai-t_firmware	-	Yes
Hardware	supermicro	x13dai-t	-	No
Operating System	supermicro	x13ddw-a_firmware	-	Yes
Hardware	supermicro	x13ddw-a	-	No
Operating System	supermicro	x13deg-oa_firmware	-	Yes
Hardware	supermicro	x13deg-oa	-	No
Operating System	supermicro	x13deg-oad_firmware	-	Yes
Hardware	supermicro	x13deg-oad	-	No
Operating System	supermicro	x13deg-pvc_firmware	-	Yes
Hardware	supermicro	x13deg-pvc	-	No
Operating System	supermicro	x13deg-qt_firmware	-	Yes
Hardware	supermicro	x13deg-qt	-	No
Operating System	supermicro	x13dei_firmware	-	Yes
Hardware	supermicro	x13dei	-	No
Operating System	supermicro	x13dei-t_firmware	-	Yes
Hardware	supermicro	x13dei-t	-	No
Operating System	supermicro	x13dem_firmware	-	Yes
Hardware	supermicro	x13dem	-	No
Operating System	supermicro	x13det-b_firmware	-	Yes
Hardware	supermicro	x13det-b	-	No
Operating System	supermicro	x13dgu_firmware	-	Yes
Hardware	supermicro	x13dgu	-	No
Operating System	supermicro	x13dsf-a_firmware	-	Yes
Hardware	supermicro	x13dsf-a	-	No
Operating System	supermicro	x13qeh\+_firmware	-	Yes
Hardware	supermicro	x13qeh\+	-	No
Operating System	supermicro	x13sae_firmware	-	Yes
Hardware	supermicro	x13sae	-	No
Operating System	supermicro	x13sae-f_firmware	-	Yes
Hardware	supermicro	x13sae-f	-	No
Operating System	supermicro	x13san-c_firmware	-	Yes
Hardware	supermicro	x13san-c	-	No
Operating System	supermicro	x13san-c-wohs_firmware	-	Yes
Hardware	supermicro	x13san-c-wohs	-	No
Operating System	supermicro	x13san-e_firmware	-	Yes
Hardware	supermicro	x13san-e	-	No
Operating System	supermicro	x13san-e-wohs_firmware	-	Yes
Hardware	supermicro	x13san-e-wohs	-	No
Operating System	supermicro	x13san-h_firmware	-	Yes
Hardware	supermicro	x13san-h	-	No
Operating System	supermicro	x13san-h-wohs_firmware	-	Yes
Hardware	supermicro	x13san-h-wohs	-	No
Operating System	supermicro	x13san-l_firmware	-	Yes
Hardware	supermicro	x13san-l	-	No
Operating System	supermicro	x13san-l-wohs_firmware	-	Yes
Hardware	supermicro	x13san-l-wohs	-	No
Operating System	supermicro	x13saq_firmware	-	Yes
Hardware	supermicro	x13saq	-	No
Operating System	supermicro	x13sav-lvds_firmware	-	Yes
Hardware	supermicro	x13sav-lvds	-	No
Operating System	supermicro	x13sav-ps_firmware	-	Yes
Hardware	supermicro	x13sav-ps	-	No
Operating System	supermicro	x13saz-f_firmware	-	Yes
Hardware	supermicro	x13saz-f	-	No
Operating System	supermicro	x13saz-q_firmware	-	Yes
Hardware	supermicro	x13saz-q	-	No
Operating System	supermicro	x13sedw-f_firmware	-	Yes
Hardware	supermicro	x13sedw-f	-	No
Operating System	supermicro	x13seed-f_firmware	-	Yes
Hardware	supermicro	x13seed-f	-	No
Operating System	supermicro	x13seed-sf_firmware	-	Yes
Hardware	supermicro	x13seed-sf	-	No
Operating System	supermicro	x13sefr-a_firmware	-	Yes
Hardware	supermicro	x13sefr-a	-	No
Operating System	supermicro	x13sei-f_firmware	-	Yes
Hardware	supermicro	x13sei-f	-	No
Operating System	supermicro	x13sei-tf_firmware	-	Yes
Hardware	supermicro	x13sei-tf	-	No
Operating System	supermicro	x13sem-f_firmware	-	Yes
Hardware	supermicro	x13sem-f	-	No
Operating System	supermicro	x13sem-tf_firmware	-	Yes
Hardware	supermicro	x13sem-tf	-	No
Operating System	supermicro	x13set-g_firmware	-	Yes
Hardware	supermicro	x13set-g	-	No
Operating System	supermicro	x13set-gc_firmware	-	Yes
Hardware	supermicro	x13set-gc	-	No
Operating System	supermicro	x13sew-f_firmware	-	Yes
Hardware	supermicro	x13sew-f	-	No
Operating System	supermicro	x13sew-tf_firmware	-	Yes
Hardware	supermicro	x13sew-tf	-	No
Operating System	supermicro	x13sra-tf_firmware	-	Yes
Hardware	supermicro	x13sra-tf	-	No
Operating System	supermicro	x13srn-e_firmware	-	Yes
Hardware	supermicro	x13srn-e	-	No
Operating System	supermicro	x13srn-e-wohs_firmware	-	Yes
Hardware	supermicro	x13srn-e-wohs	-	No
Operating System	supermicro	x13srn-h_firmware	-	Yes
Hardware	supermicro	x13srn-h	-	No
Operating System	supermicro	x13srn-h-wohs_firmware	-	Yes
Hardware	supermicro	x13srn-h-wohs	-	No
Operating System	supermicro	x13swa-tf_firmware	-	Yes
Hardware	supermicro	x13swa-tf	-	No
Operating System	supermicro	h13dsg-o-cpu_firmware	-	Yes
Hardware	supermicro	h13dsg-o-cpu	-	No
Operating System	supermicro	h13dsg-o-cpu-d_firmware	-	Yes
Hardware	supermicro	h13dsg-o-cpu-d	-	No
Operating System	supermicro	h13dsh_firmware	-	Yes
Hardware	supermicro	h13dsh	-	No
Operating System	supermicro	h13sae-mf_firmware	-	Yes
Hardware	supermicro	h13sae-mf	-	No
Operating System	supermicro	h13srd-f_firmware	-	Yes
Hardware	supermicro	h13srd-f	-	No
Operating System	supermicro	h13ssf_firmware	-	Yes
Hardware	supermicro	h13ssf	-	No
Operating System	supermicro	h13ssh_firmware	-	Yes
Hardware	supermicro	h13ssh	-	No
Operating System	supermicro	h13ssl-n_firmware	-	Yes
Hardware	supermicro	h13ssl-n	-	No
Operating System	supermicro	h13ssl-nt_firmware	-	Yes
Hardware	supermicro	h13ssl-nt	-	No
Operating System	supermicro	h13sst-g_firmware	-	Yes
Hardware	supermicro	h13sst-g	-	No
Operating System	supermicro	h13sst-gc_firmware	-	Yes
Hardware	supermicro	h13sst-gc	-	No
Operating System	supermicro	h13ssw_firmware	-	Yes
Hardware	supermicro	h13ssw	-	No
Operating System	supermicro	x12dai-n6_firmware	-	Yes
Hardware	supermicro	x12dai-n6	-	No
Operating System	supermicro	x12ddw-a6_firmware	-	Yes
Hardware	supermicro	x12ddw-a6	-	No
Operating System	supermicro	x12dgo-6_firmware	-	Yes
Hardware	supermicro	x12dgo-6	-	No
Operating System	supermicro	x12dgq-r_firmware	-	Yes
Hardware	supermicro	x12dgq-r	-	No
Operating System	supermicro	x12dgu_firmware	-	Yes
Hardware	supermicro	x12dgu	-	No
Operating System	supermicro	x12dhm-6_firmware	-	Yes
Hardware	supermicro	x12dhm-6	-	No
Operating System	supermicro	x12dpd-a6m25_firmware	-	Yes
Hardware	supermicro	x12dpd-a6m25	-	No
Operating System	supermicro	x12dpfr-an6_firmware	-	Yes
Hardware	supermicro	x12dpfr-an6	-	No
Operating System	supermicro	x12dpg-ar_firmware	-	Yes
Hardware	supermicro	x12dpg-ar	-	No
Operating System	supermicro	x12dpg-oa6_firmware	-	Yes
Hardware	supermicro	x12dpg-oa6	-	No
Operating System	supermicro	x12dpg-oa6-gd2_firmware	-	Yes
Hardware	supermicro	x12dpg-oa6-gd2	-	No
Operating System	supermicro	x12dpg-qbt6_firmware	-	Yes
Hardware	supermicro	x12dpg-qbt6	-	No
Operating System	supermicro	x12dpg-qr_firmware	-	Yes
Hardware	supermicro	x12dpg-qr	-	No
Operating System	supermicro	x12dpg-qt6_firmware	-	Yes
Hardware	supermicro	x12dpg-qt6	-	No
Operating System	supermicro	x12dpg-u6_firmware	-	Yes
Hardware	supermicro	x12dpg-u6	-	No
Operating System	supermicro	x12dpi-n6_firmware	-	Yes
Hardware	supermicro	x12dpi-n6	-	No
Operating System	supermicro	x12dpi-nt6_firmware	-	Yes
Hardware	supermicro	x12dpi-nt6	-	No
Operating System	supermicro	x12dpl-i6_firmware	-	Yes
Hardware	supermicro	x12dpl-i6	-	No
Operating System	supermicro	x12dpl-nt6_firmware	-	Yes
Hardware	supermicro	x12dpl-nt6	-	No
Operating System	supermicro	x12dpt-b6_firmware	-	Yes
Hardware	supermicro	x12dpt-b6	-	No
Operating System	supermicro	x12dpt-pt46_firmware	-	Yes
Hardware	supermicro	x12dpt-pt46	-	No
Operating System	supermicro	x12dpt-pt6_firmware	-	Yes
Hardware	supermicro	x12dpt-pt6	-	No
Operating System	supermicro	x12dpu-6_firmware	-	Yes
Hardware	supermicro	x12dpu-6	-	No
Operating System	supermicro	x12dsc-6_firmware	-	Yes
Hardware	supermicro	x12dsc-6	-	No
Operating System	supermicro	x12qch\+_firmware	-	Yes
Hardware	supermicro	x12qch\+	-	No
Operating System	supermicro	x12sae_firmware	-	Yes
Hardware	supermicro	x12sae	-	No
Operating System	supermicro	x12sae-5_firmware	-	Yes
Hardware	supermicro	x12sae-5	-	No
Operating System	supermicro	x12sca-5f_firmware	-	Yes
Hardware	supermicro	x12sca-5f	-	No
Operating System	supermicro	x12sca-f_firmware	-	Yes
Hardware	supermicro	x12sca-f	-	No
Operating System	supermicro	x12scq_firmware	-	Yes
Hardware	supermicro	x12scq	-	No
Operating System	supermicro	x12scv-lvds_firmware	-	Yes
Hardware	supermicro	x12scv-lvds	-	No
Operating System	supermicro	x12scv-w_firmware	-	Yes
Hardware	supermicro	x12scv-w	-	No
Operating System	supermicro	x12scz-f_firmware	-	Yes
Hardware	supermicro	x12scz-f	-	No
Operating System	supermicro	x12scz-qf_firmware	-	Yes
Hardware	supermicro	x12scz-qf	-	No
Operating System	supermicro	x12scz-tln4f_firmware	-	Yes
Hardware	supermicro	x12scz-tln4f	-	No
Operating System	supermicro	x12sdv-10c-sp6f_firmware	-	Yes
Hardware	supermicro	x12sdv-10c-sp6f	-	No
Operating System	supermicro	x12sdv-10c-spt4f_firmware	-	Yes
Hardware	supermicro	x12sdv-10c-spt4f	-	No
Operating System	supermicro	x12sdv-14c-spt8f_firmware	-	Yes
Hardware	supermicro	x12sdv-14c-spt8f	-	No
Operating System	supermicro	x12sdv-16c-spt8f_firmware	-	Yes
Hardware	supermicro	x12sdv-16c-spt8f	-	No
Operating System	supermicro	x12sdv-20c-spt8f_firmware	-	Yes
Hardware	supermicro	x12sdv-20c-spt8f	-	No
Operating System	supermicro	x12sdv-4c-sp6f_firmware	-	Yes
Hardware	supermicro	x12sdv-4c-sp6f	-	No
Operating System	supermicro	x12sdv-4c-spt4f_firmware	-	Yes
Hardware	supermicro	x12sdv-4c-spt4f	-	No
Operating System	supermicro	x12sdv-4c-spt8f_firmware	-	Yes
Hardware	supermicro	x12sdv-4c-spt8f	-	No
Operating System	supermicro	x12sdv-8c-sp6f_firmware	-	Yes
Hardware	supermicro	x12sdv-8c-sp6f	-	No
Operating System	supermicro	x12sdv-8c-spt4f_firmware	-	Yes
Hardware	supermicro	x12sdv-8c-spt4f	-	No
Operating System	supermicro	x12sdv-8c-spt8f_firmware	-	Yes
Hardware	supermicro	x12sdv-8c-spt8f	-	No
Operating System	supermicro	x12sdv-8ce-sp4f_firmware	-	Yes
Hardware	supermicro	x12sdv-8ce-sp4f	-	No
Operating System	supermicro	x12spa-tf_firmware	-	Yes
Hardware	supermicro	x12spa-tf	-	No
Operating System	supermicro	x12sped-f_firmware	-	Yes
Hardware	supermicro	x12sped-f	-	No
Operating System	supermicro	x12spg-nf_firmware	-	Yes
Hardware	supermicro	x12spg-nf	-	No
Operating System	supermicro	x12spi-tf_firmware	-	Yes
Hardware	supermicro	x12spi-tf	-	No
Operating System	supermicro	x12spl-f_firmware	-	Yes
Hardware	supermicro	x12spl-f	-	No
Operating System	supermicro	x12spl-ln4f_firmware	-	Yes
Hardware	supermicro	x12spl-ln4f	-	No
Operating System	supermicro	x12spm-ln4f_firmware	-	Yes
Hardware	supermicro	x12spm-ln4f	-	No
Operating System	supermicro	x12spm-ln6tf_firmware	-	Yes
Hardware	supermicro	x12spm-ln6tf	-	No
Operating System	supermicro	x12spm-tf_firmware	-	Yes
Hardware	supermicro	x12spm-tf	-	No
Operating System	supermicro	x12spo-f_firmware	-	Yes
Hardware	supermicro	x12spo-f	-	No
Operating System	supermicro	x12spo-ntf_firmware	-	Yes
Hardware	supermicro	x12spo-ntf	-	No
Operating System	supermicro	x12spt-g_firmware	-	Yes
Hardware	supermicro	x12spt-g	-	No
Operating System	supermicro	x12spt-gc_firmware	-	Yes
Hardware	supermicro	x12spt-gc	-	No
Operating System	supermicro	x12spt-pt_firmware	-	Yes
Hardware	supermicro	x12spt-pt	-	No
Operating System	supermicro	x12spw-f_firmware	-	Yes
Hardware	supermicro	x12spw-f	-	No
Operating System	supermicro	x12spw-tf_firmware	-	Yes
Hardware	supermicro	x12spw-tf	-	No
Operating System	supermicro	x12spz-ln4f_firmware	-	Yes
Hardware	supermicro	x12spz-ln4f	-	No
Operating System	supermicro	x12spz-spln6f_firmware	-	Yes
Hardware	supermicro	x12spz-spln6f	-	No
Operating System	supermicro	x12std-f_firmware	-	Yes
Hardware	supermicro	x12std-f	-	No
Operating System	supermicro	x12ste-f_firmware	-	Yes
Hardware	supermicro	x12ste-f	-	No
Operating System	supermicro	x12sth-f_firmware	-	Yes
Hardware	supermicro	x12sth-f	-	No
Operating System	supermicro	x12sth-ln4f_firmware	-	Yes
Hardware	supermicro	x12sth-ln4f	-	No
Operating System	supermicro	x12sth-sys_firmware	-	Yes
Hardware	supermicro	x12sth-sys	-	No
Operating System	supermicro	x12stl-f_firmware	-	Yes
Hardware	supermicro	x12stl-f	-	No
Operating System	supermicro	x12stl-if_firmware	-	Yes
Hardware	supermicro	x12stl-if	-	No
Operating System	supermicro	x12stn-c_firmware	-	Yes
Hardware	supermicro	x12stn-c	-	No
Operating System	supermicro	x12stn-c-wohs_firmware	-	Yes
Hardware	supermicro	x12stn-c-wohs	-	No
Operating System	supermicro	x12stn-e_firmware	-	Yes
Hardware	supermicro	x12stn-e	-	No
Operating System	supermicro	x12stn-e-wohs_firmware	-	Yes
Hardware	supermicro	x12stn-e-wohs	-	No
Operating System	supermicro	x12stn-h_firmware	-	Yes
Hardware	supermicro	x12stn-h	-	No
Operating System	supermicro	x12stn-h-wohs_firmware	-	Yes
Hardware	supermicro	x12stn-h-wohs	-	No
Operating System	supermicro	x12stn-l_firmware	-	Yes
Hardware	supermicro	x12stn-l	-	No
Operating System	supermicro	x12stn-l-wohs_firmware	-	Yes
Hardware	supermicro	x12stn-l-wohs	-	No
Operating System	supermicro	x12stw-f_firmware	-	Yes
Hardware	supermicro	x12stw-f	-	No
Operating System	supermicro	x12stw-tf_firmware	-	Yes
Hardware	supermicro	x12stw-tf	-	No
Operating System	supermicro	h12ssw-ntr_firmware	-	Yes
Hardware	supermicro	h12ssw-ntr	-	No
Operating System	supermicro	h12ssw-ntl_firmware	-	Yes
Hardware	supermicro	h12ssw-ntl	-	No
Operating System	supermicro	h12ssw-nt_firmware	-	Yes
Hardware	supermicro	h12ssw-nt	-	No
Operating System	supermicro	h12ssw-inr_firmware	-	Yes
Hardware	supermicro	h12ssw-inr	-	No
Operating System	supermicro	h12ssw-inl_firmware	-	Yes
Hardware	supermicro	h12ssw-inl	-	No
Operating System	supermicro	h12ssw-in_firmware	-	Yes
Hardware	supermicro	h12ssw-in	-	No
Operating System	supermicro	h12ssw-an6_firmware	-	Yes
Hardware	supermicro	h12ssw-an6	-	No
Operating System	supermicro	h12sst-ps_firmware	-	Yes
Hardware	supermicro	h12sst-ps	-	No
Operating System	supermicro	h12ssl-nt_firmware	-	Yes
Hardware	supermicro	h12ssl-nt	-	No
Operating System	supermicro	h12ssl-i_firmware	-	Yes
Hardware	supermicro	h12ssl-i	-	No
Operating System	supermicro	h12ssl-ct_firmware	-	Yes
Hardware	supermicro	h12ssl-ct	-	No
Operating System	supermicro	h12ssl-c_firmware	-	Yes
Hardware	supermicro	h12ssl-c	-	No
Operating System	supermicro	h12ssg-anp6_firmware	-	Yes
Hardware	supermicro	h12ssg-anp6	-	No
Operating System	supermicro	h12ssg-an6_firmware	-	Yes
Hardware	supermicro	h12ssg-an6	-	No
Operating System	supermicro	h12ssfr-an6_firmware	-	Yes
Hardware	supermicro	h12ssfr-an6	-	No
Operating System	supermicro	h12ssff-an6_firmware	-	Yes
Hardware	supermicro	h12ssff-an6	-	No
Operating System	supermicro	h12dsu-inr_firmware	-	Yes
Hardware	supermicro	h12dsu-inr	-	No
Operating System	supermicro	h12dsu-in_firmware	-	Yes
Hardware	supermicro	h12dsu-in	-	No
Operating System	supermicro	h12dst-b_firmware	-	Yes
Hardware	supermicro	h12dst-b	-	No
Operating System	supermicro	h12dsi-nt6_firmware	-	Yes
Hardware	supermicro	h12dsi-nt6	-	No
Operating System	supermicro	h12dsi-n6_firmware	-	Yes
Hardware	supermicro	h12dsi-n6	-	No
Operating System	supermicro	h12dsg-q-cpu6_firmware	-	Yes
Hardware	supermicro	h12dsg-q-cpu6	-	No
Operating System	supermicro	h12dsg-o-cpu_firmware	-	Yes
Hardware	supermicro	h12dsg-o-cpu	-	No
Operating System	supermicro	h12dgq-nt6_firmware	-	Yes
Hardware	supermicro	h12dgq-nt6	-	No
Operating System	supermicro	h12dgo-6_firmware	-	Yes
Hardware	supermicro	h12dgo-6	-	No

References

https://blog.freax13.de/cve/cve-2023-35861 Exploit, Third Party Advisory ([email protected])
https://www.supermicro.com/en/products/motherboards Product ([email protected])
https://www.supermicro.com/en/support/security_SMTP_Jun_2023 Vendor Advisory ([email protected])
https://blog.freax13.de/cve/cve-2023-35861 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.supermicro.com/en/products/motherboards Product (af854a3a-2127-422b-91ae-364da2661108)
https://www.supermicro.com/en/support/security_SMTP_Jun_2023 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)