CVE-2019-16649
high-risk
Published 2019-09-21
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC.
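To turn the description above into a check, here is an added example (not code from this page, from Supermicro or from Eclypsium) that probes an inventory of BMC addresses for a reachable virtual media service, which is the network precondition for the credential capture described. It assumes the service listens on TCP port 623, as documented in the Eclypsium USBAnywhere write-up referenced on this page; the sample addresses are constructed, and demo() stands up a throwaway local listener so the block runs offline. A reachable port means the BMC is exposed on that path, not that the firmware is unpatched; the firmware version still has to be checked against the vendor advisory.

```python
"""Added example: find BMCs whose virtual media service is reachable.

Not code from this page or from Supermicro/Eclypsium. Assumption: the
virtual media service described in the CVE text listens on TCP port 623
(per the Eclypsium USBAnywhere write-up referenced on this page); change
VIRTUAL_MEDIA_PORT if your environment differs.
"""
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

VIRTUAL_MEDIA_PORT = 623  # assumption, see module docstring

# Constructed sample inventory (TEST-NET addresses); replace with your BMCs.
SAMPLE_BMC_HOSTS = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]


def service_reachable(host: str, port: int = VIRTUAL_MEDIA_PORT,
                      timeout: float = 2.0) -> bool:
    """True if a TCP connection to host:port completes within timeout.

    Reachability is the precondition for capturing credentials on this
    service; a closed or filtered port means this network path is not
    exposed (it says nothing about the firmware version).
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def scan(hosts, port: int = VIRTUAL_MEDIA_PORT, timeout: float = 2.0,
         workers: int = 32) -> dict:
    """Probe many BMC addresses concurrently; returns {host: reachable}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(
            lambda h: (h, service_reachable(h, port, timeout)), hosts))


def exposed(results: dict) -> list:
    """Hosts from a scan() result that answered on the service port."""
    return sorted(h for h, ok in results.items() if ok)


def _throwaway_listener():
    """Local TCP listener standing in for an exposed BMC (offline demo)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def demo():
    """Offline demonstration: one open 'BMC' port and one closed one.

    Returns (reachable_on_open_port, reachable_on_closed_port).
    """
    srv, open_port = _throwaway_listener()
    # Pick a port that is (almost certainly) closed: bind, note it, release.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    try:
        return (service_reachable("127.0.0.1", open_port, timeout=1.0),
                service_reachable("127.0.0.1", closed_port, timeout=1.0))
    finally:
        srv.close()


if __name__ == "__main__":
    hosts = sys.argv[1:] or SAMPLE_BMC_HOSTS
    results = scan(hosts)
    hits = exposed(results)
    for h in hits:
        print(f"{h}: virtual media service port {VIRTUAL_MEDIA_PORT} reachable")
    if not hits:
        print("no host answered on the virtual media service port")
```

Run it with your BMC management addresses as arguments; any host it lists has the virtual media service reachable from the scanning position and should be isolated to a management network and checked for updated firmware.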
Do I need to act?
EPSS: 0.10% probability of exploitation (low)
CISA KEV: not listed; no confirmed active exploitation reported to CISA
Patch status: unknown. Check vendor advisories for fix availability and mitigation guidance.
CVSS: 10.0/10 (Critical); attack vector NETWORK, attack complexity LOW
Affected Products (20)
X11Dai-N Firmware
X11Dac Firmware
X11Dph-Tq Firmware
X11Dph-I Firmware
X11Dph-T Firmware
X11Dps-Re Firmware
X11Dsf-E Firmware
X11Dsn-Ts Firmware
X11Dsn-Tsq Firmware
X11Dsc+ Firmware
X11Ddw-Nt Firmware
X11Ddw-L Firmware
X11Dgq Firmware
X11Dpff-Sn Firmware
X11Dpfr-Sn Firmware
X11Dpfr-S Firmware
X11Dpt-Ps Firmware
X11Dpt-B Firmware
X11Dpt-Bh Firmware
X11Dpt-L Firmware
Affected Vendors
Supermicro
References (2)
Third Party Advisory: https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-...
Third Party Advisory: https://github.com/eclypsium/USBAnywhere
Risk score: 66/100 (high-risk)
Severity: 33/34 · Critical
Exploitability: 0/34 · Minimal
Exposure: 33/34 · Critical