CVE-2023-35861


A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject and execute arbitrary commands as root on the BMC.


Security Impact Summary

This vulnerability carries a CRITICAL severity rating with a CVSS v3.1 score of 9.8, indicating that it can be exploited remotely over the network with relatively low complexity, without user interaction, and without pre-existing privileges. The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. The record lists 330 affected products from Supermicro; organizations running them should prioritize assessment and patching.

Historical Context

Reported in 2023, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.


Published

2023-07-31T13:15:09.833

Last Modified

2024-11-21T08:08:51.000

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses
  • Type: Primary
    CWE-78

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System supermicro h12dst-b_firmware < 03.10.35 Yes
Hardware supermicro h12dst-b - No
Operating System supermicro x13dai-t_firmware - Yes
Hardware supermicro x13dai-t - No
Operating System supermicro x13ddw-a_firmware - Yes
Hardware supermicro x13ddw-a - No
Operating System supermicro x13deg-oa_firmware - Yes
Hardware supermicro x13deg-oa - No
Operating System supermicro x13deg-oad_firmware - Yes
Hardware supermicro x13deg-oad - No
Operating System supermicro x13deg-pvc_firmware - Yes
Hardware supermicro x13deg-pvc - No
Operating System supermicro x13deg-qt_firmware - Yes
Hardware supermicro x13deg-qt - No
Operating System supermicro x13dei_firmware - Yes
Hardware supermicro x13dei - No
Operating System supermicro x13dei-t_firmware - Yes
Hardware supermicro x13dei-t - No
Operating System supermicro x13dem_firmware - Yes
Hardware supermicro x13dem - No
Operating System supermicro x13det-b_firmware - Yes
Hardware supermicro x13det-b - No
Operating System supermicro x13dgu_firmware - Yes
Hardware supermicro x13dgu - No
Operating System supermicro x13dsf-a_firmware - Yes
Hardware supermicro x13dsf-a - No
Operating System supermicro x13qeh\+_firmware - Yes
Hardware supermicro x13qeh\+ - No
Operating System supermicro x13sae_firmware - Yes
Hardware supermicro x13sae - No
Operating System supermicro x13sae-f_firmware - Yes
Hardware supermicro x13sae-f - No
Operating System supermicro x13san-c_firmware - Yes
Hardware supermicro x13san-c - No
Operating System supermicro x13san-c-wohs_firmware - Yes
Hardware supermicro x13san-c-wohs - No
Operating System supermicro x13san-e_firmware - Yes
Hardware supermicro x13san-e - No
Operating System supermicro x13san-e-wohs_firmware - Yes
Hardware supermicro x13san-e-wohs - No
Operating System supermicro x13san-h_firmware - Yes
Hardware supermicro x13san-h - No
Operating System supermicro x13san-h-wohs_firmware - Yes
Hardware supermicro x13san-h-wohs - No
Operating System supermicro x13san-l_firmware - Yes
Hardware supermicro x13san-l - No
Operating System supermicro x13san-l-wohs_firmware - Yes
Hardware supermicro x13san-l-wohs - No
Operating System supermicro x13saq_firmware - Yes
Hardware supermicro x13saq - No
Operating System supermicro x13sav-lvds_firmware - Yes
Hardware supermicro x13sav-lvds - No
Operating System supermicro x13sav-ps_firmware - Yes
Hardware supermicro x13sav-ps - No
Operating System supermicro x13saz-f_firmware - Yes
Hardware supermicro x13saz-f - No
Operating System supermicro x13saz-q_firmware - Yes
Hardware supermicro x13saz-q - No
Operating System supermicro x13sedw-f_firmware - Yes
Hardware supermicro x13sedw-f - No
Operating System supermicro x13seed-f_firmware - Yes
Hardware supermicro x13seed-f - No
Operating System supermicro x13seed-sf_firmware - Yes
Hardware supermicro x13seed-sf - No
Operating System supermicro x13sefr-a_firmware - Yes
Hardware supermicro x13sefr-a - No
Operating System supermicro x13sei-f_firmware - Yes
Hardware supermicro x13sei-f - No
Operating System supermicro x13sei-tf_firmware - Yes
Hardware supermicro x13sei-tf - No
Operating System supermicro x13sem-f_firmware - Yes
Hardware supermicro x13sem-f - No
Operating System supermicro x13sem-tf_firmware - Yes
Hardware supermicro x13sem-tf - No
Operating System supermicro x13set-g_firmware - Yes
Hardware supermicro x13set-g - No
Operating System supermicro x13set-gc_firmware - Yes
Hardware supermicro x13set-gc - No
Operating System supermicro x13sew-f_firmware - Yes
Hardware supermicro x13sew-f - No
Operating System supermicro x13sew-tf_firmware - Yes
Hardware supermicro x13sew-tf - No
Operating System supermicro x13sra-tf_firmware - Yes
Hardware supermicro x13sra-tf - No
Operating System supermicro x13srn-e_firmware - Yes
Hardware supermicro x13srn-e - No
Operating System supermicro x13srn-e-wohs_firmware - Yes
Hardware supermicro x13srn-e-wohs - No
Operating System supermicro x13srn-h_firmware - Yes
Hardware supermicro x13srn-h - No
Operating System supermicro x13srn-h-wohs_firmware - Yes
Hardware supermicro x13srn-h-wohs - No
Operating System supermicro x13swa-tf_firmware - Yes
Hardware supermicro x13swa-tf - No
Operating System supermicro h13dsg-o-cpu_firmware - Yes
Hardware supermicro h13dsg-o-cpu - No
Operating System supermicro h13dsg-o-cpu-d_firmware - Yes
Hardware supermicro h13dsg-o-cpu-d - No
Operating System supermicro h13dsh_firmware - Yes
Hardware supermicro h13dsh - No
Operating System supermicro h13sae-mf_firmware - Yes
Hardware supermicro h13sae-mf - No
Operating System supermicro h13srd-f_firmware - Yes
Hardware supermicro h13srd-f - No
Operating System supermicro h13ssf_firmware - Yes
Hardware supermicro h13ssf - No
Operating System supermicro h13ssh_firmware - Yes
Hardware supermicro h13ssh - No
Operating System supermicro h13ssl-n_firmware - Yes
Hardware supermicro h13ssl-n - No
Operating System supermicro h13ssl-nt_firmware - Yes
Hardware supermicro h13ssl-nt - No
Operating System supermicro h13sst-g_firmware - Yes
Hardware supermicro h13sst-g - No
Operating System supermicro h13sst-gc_firmware - Yes
Hardware supermicro h13sst-gc - No
Operating System supermicro h13ssw_firmware - Yes
Hardware supermicro h13ssw - No
Operating System supermicro x12dai-n6_firmware - Yes
Hardware supermicro x12dai-n6 - No
Operating System supermicro x12ddw-a6_firmware - Yes
Hardware supermicro x12ddw-a6 - No
Operating System supermicro x12dgo-6_firmware - Yes
Hardware supermicro x12dgo-6 - No
Operating System supermicro x12dgq-r_firmware - Yes
Hardware supermicro x12dgq-r - No
Operating System supermicro x12dgu_firmware - Yes
Hardware supermicro x12dgu - No
Operating System supermicro x12dhm-6_firmware - Yes
Hardware supermicro x12dhm-6 - No
Operating System supermicro x12dpd-a6m25_firmware - Yes
Hardware supermicro x12dpd-a6m25 - No
Operating System supermicro x12dpfr-an6_firmware - Yes
Hardware supermicro x12dpfr-an6 - No
Operating System supermicro x12dpg-ar_firmware - Yes
Hardware supermicro x12dpg-ar - No
Operating System supermicro x12dpg-oa6_firmware - Yes
Hardware supermicro x12dpg-oa6 - No
Operating System supermicro x12dpg-oa6-gd2_firmware - Yes
Hardware supermicro x12dpg-oa6-gd2 - No
Operating System supermicro x12dpg-qbt6_firmware - Yes
Hardware supermicro x12dpg-qbt6 - No
Operating System supermicro x12dpg-qr_firmware - Yes
Hardware supermicro x12dpg-qr - No
Operating System supermicro x12dpg-qt6_firmware - Yes
Hardware supermicro x12dpg-qt6 - No
Operating System supermicro x12dpg-u6_firmware - Yes
Hardware supermicro x12dpg-u6 - No
Operating System supermicro x12dpi-n6_firmware - Yes
Hardware supermicro x12dpi-n6 - No
Operating System supermicro x12dpi-nt6_firmware - Yes
Hardware supermicro x12dpi-nt6 - No
Operating System supermicro x12dpl-i6_firmware - Yes
Hardware supermicro x12dpl-i6 - No
Operating System supermicro x12dpl-nt6_firmware - Yes
Hardware supermicro x12dpl-nt6 - No
Operating System supermicro x12dpt-b6_firmware - Yes
Hardware supermicro x12dpt-b6 - No
Operating System supermicro x12dpt-pt46_firmware - Yes
Hardware supermicro x12dpt-pt46 - No
Operating System supermicro x12dpt-pt6_firmware - Yes
Hardware supermicro x12dpt-pt6 - No
Operating System supermicro x12dpu-6_firmware - Yes
Hardware supermicro x12dpu-6 - No
Operating System supermicro x12dsc-6_firmware - Yes
Hardware supermicro x12dsc-6 - No
Operating System supermicro x12qch\+_firmware - Yes
Hardware supermicro x12qch\+ - No
Operating System supermicro x12sae_firmware - Yes
Hardware supermicro x12sae - No
Operating System supermicro x12sae-5_firmware - Yes
Hardware supermicro x12sae-5 - No
Operating System supermicro x12sca-5f_firmware - Yes
Hardware supermicro x12sca-5f - No
Operating System supermicro x12sca-f_firmware - Yes
Hardware supermicro x12sca-f - No
Operating System supermicro x12scq_firmware - Yes
Hardware supermicro x12scq - No
Operating System supermicro x12scv-lvds_firmware - Yes
Hardware supermicro x12scv-lvds - No
Operating System supermicro x12scv-w_firmware - Yes
Hardware supermicro x12scv-w - No
Operating System supermicro x12scz-f_firmware - Yes
Hardware supermicro x12scz-f - No
Operating System supermicro x12scz-qf_firmware - Yes
Hardware supermicro x12scz-qf - No
Operating System supermicro x12scz-tln4f_firmware - Yes
Hardware supermicro x12scz-tln4f - No
Operating System supermicro x12sdv-10c-sp6f_firmware - Yes
Hardware supermicro x12sdv-10c-sp6f - No
Operating System supermicro x12sdv-10c-spt4f_firmware - Yes
Hardware supermicro x12sdv-10c-spt4f - No
Operating System supermicro x12sdv-14c-spt8f_firmware - Yes
Hardware supermicro x12sdv-14c-spt8f - No
Operating System supermicro x12sdv-16c-spt8f_firmware - Yes
Hardware supermicro x12sdv-16c-spt8f - No
Operating System supermicro x12sdv-20c-spt8f_firmware - Yes
Hardware supermicro x12sdv-20c-spt8f - No
Operating System supermicro x12sdv-4c-sp6f_firmware - Yes
Hardware supermicro x12sdv-4c-sp6f - No
Operating System supermicro x12sdv-4c-spt4f_firmware - Yes
Hardware supermicro x12sdv-4c-spt4f - No
Operating System supermicro x12sdv-4c-spt8f_firmware - Yes
Hardware supermicro x12sdv-4c-spt8f - No
Operating System supermicro x12sdv-8c-sp6f_firmware - Yes
Hardware supermicro x12sdv-8c-sp6f - No
Operating System supermicro x12sdv-8c-spt4f_firmware - Yes
Hardware supermicro x12sdv-8c-spt4f - No
Operating System supermicro x12sdv-8c-spt8f_firmware - Yes
Hardware supermicro x12sdv-8c-spt8f - No
Operating System supermicro x12sdv-8ce-sp4f_firmware - Yes
Hardware supermicro x12sdv-8ce-sp4f - No
Operating System supermicro x12spa-tf_firmware - Yes
Hardware supermicro x12spa-tf - No
Operating System supermicro x12sped-f_firmware - Yes
Hardware supermicro x12sped-f - No
Operating System supermicro x12spg-nf_firmware - Yes
Hardware supermicro x12spg-nf - No
Operating System supermicro x12spi-tf_firmware - Yes
Hardware supermicro x12spi-tf - No
Operating System supermicro x12spl-f_firmware - Yes
Hardware supermicro x12spl-f - No
Operating System supermicro x12spl-ln4f_firmware - Yes
Hardware supermicro x12spl-ln4f - No
Operating System supermicro x12spm-ln4f_firmware - Yes
Hardware supermicro x12spm-ln4f - No
Operating System supermicro x12spm-ln6tf_firmware - Yes
Hardware supermicro x12spm-ln6tf - No
Operating System supermicro x12spm-tf_firmware - Yes
Hardware supermicro x12spm-tf - No
Operating System supermicro x12spo-f_firmware - Yes
Hardware supermicro x12spo-f - No
Operating System supermicro x12spo-ntf_firmware - Yes
Hardware supermicro x12spo-ntf - No
Operating System supermicro x12spt-g_firmware - Yes
Hardware supermicro x12spt-g - No
Operating System supermicro x12spt-gc_firmware - Yes
Hardware supermicro x12spt-gc - No
Operating System supermicro x12spt-pt_firmware - Yes
Hardware supermicro x12spt-pt - No
Operating System supermicro x12spw-f_firmware - Yes
Hardware supermicro x12spw-f - No
Operating System supermicro x12spw-tf_firmware - Yes
Hardware supermicro x12spw-tf - No
Operating System supermicro x12spz-ln4f_firmware - Yes
Hardware supermicro x12spz-ln4f - No
Operating System supermicro x12spz-spln6f_firmware - Yes
Hardware supermicro x12spz-spln6f - No
Operating System supermicro x12std-f_firmware - Yes
Hardware supermicro x12std-f - No
Operating System supermicro x12ste-f_firmware - Yes
Hardware supermicro x12ste-f - No
Operating System supermicro x12sth-f_firmware - Yes
Hardware supermicro x12sth-f - No
Operating System supermicro x12sth-ln4f_firmware - Yes
Hardware supermicro x12sth-ln4f - No
Operating System supermicro x12sth-sys_firmware - Yes
Hardware supermicro x12sth-sys - No
Operating System supermicro x12stl-f_firmware - Yes
Hardware supermicro x12stl-f - No
Operating System supermicro x12stl-if_firmware - Yes
Hardware supermicro x12stl-if - No
Operating System supermicro x12stn-c_firmware - Yes
Hardware supermicro x12stn-c - No
Operating System supermicro x12stn-c-wohs_firmware - Yes
Hardware supermicro x12stn-c-wohs - No
Operating System supermicro x12stn-e_firmware - Yes
Hardware supermicro x12stn-e - No
Operating System supermicro x12stn-e-wohs_firmware - Yes
Hardware supermicro x12stn-e-wohs - No
Operating System supermicro x12stn-h_firmware - Yes
Hardware supermicro x12stn-h - No
Operating System supermicro x12stn-h-wohs_firmware - Yes
Hardware supermicro x12stn-h-wohs - No
Operating System supermicro x12stn-l_firmware - Yes
Hardware supermicro x12stn-l - No
Operating System supermicro x12stn-l-wohs_firmware - Yes
Hardware supermicro x12stn-l-wohs - No
Operating System supermicro x12stw-f_firmware - Yes
Hardware supermicro x12stw-f - No
Operating System supermicro x12stw-tf_firmware - Yes
Hardware supermicro x12stw-tf - No
Operating System supermicro h12ssw-ntr_firmware - Yes
Hardware supermicro h12ssw-ntr - No
Operating System supermicro h12ssw-ntl_firmware - Yes
Hardware supermicro h12ssw-ntl - No
Operating System supermicro h12ssw-nt_firmware - Yes
Hardware supermicro h12ssw-nt - No
Operating System supermicro h12ssw-inr_firmware - Yes
Hardware supermicro h12ssw-inr - No
Operating System supermicro h12ssw-inl_firmware - Yes
Hardware supermicro h12ssw-inl - No
Operating System supermicro h12ssw-in_firmware - Yes
Hardware supermicro h12ssw-in - No
Operating System supermicro h12ssw-an6_firmware - Yes
Hardware supermicro h12ssw-an6 - No
Operating System supermicro h12sst-ps_firmware - Yes
Hardware supermicro h12sst-ps - No
Operating System supermicro h12ssl-nt_firmware - Yes
Hardware supermicro h12ssl-nt - No
Operating System supermicro h12ssl-i_firmware - Yes
Hardware supermicro h12ssl-i - No
Operating System supermicro h12ssl-ct_firmware - Yes
Hardware supermicro h12ssl-ct - No
Operating System supermicro h12ssl-c_firmware - Yes
Hardware supermicro h12ssl-c - No
Operating System supermicro h12ssg-anp6_firmware - Yes
Hardware supermicro h12ssg-anp6 - No
Operating System supermicro h12ssg-an6_firmware - Yes
Hardware supermicro h12ssg-an6 - No
Operating System supermicro h12ssfr-an6_firmware - Yes
Hardware supermicro h12ssfr-an6 - No
Operating System supermicro h12ssff-an6_firmware - Yes
Hardware supermicro h12ssff-an6 - No
Operating System supermicro h12dsu-inr_firmware - Yes
Hardware supermicro h12dsu-inr - No
Operating System supermicro h12dsu-in_firmware - Yes
Hardware supermicro h12dsu-in - No
Operating System supermicro h12dst-b_firmware - Yes
Hardware supermicro h12dst-b - No
Operating System supermicro h12dsi-nt6_firmware - Yes
Hardware supermicro h12dsi-nt6 - No
Operating System supermicro h12dsi-n6_firmware - Yes
Hardware supermicro h12dsi-n6 - No
Operating System supermicro h12dsg-q-cpu6_firmware - Yes
Hardware supermicro h12dsg-q-cpu6 - No
Operating System supermicro h12dsg-o-cpu_firmware - Yes
Hardware supermicro h12dsg-o-cpu - No
Operating System supermicro h12dgq-nt6_firmware - Yes
Hardware supermicro h12dgq-nt6 - No
Operating System supermicro h12dgo-6_firmware - Yes
Hardware supermicro h12dgo-6 - No

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For Supermicro's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies; it contains only the defensive intelligence necessary for patch management, risk assessment, and security operations.