CVE-2019-16650

high-risk
Published 2019-09-21

On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC.

Do I need to act?

0.65% chance of exploitation · EPSS score, low exploit probability
Not on CISA KEV list · No confirmed active exploitation reported to CISA
Patch status unknown · Check vendor advisories for fix availability and mitigation guidance
CVSS 10.0/10 Critical · NETWORK / LOW complexity

Affected Products (20)

X11Dai-N Firmware
X11Dac Firmware
X11Dph-Tq Firmware
X11Dph-I Firmware
X11Dph-T Firmware
X11Dps-Re Firmware
X11Dsf-E Firmware
X11Dsn-Ts Firmware
X11Dsn-Tsq Firmware
X11Dsc+ Firmware
X11Ddw-Nt Firmware
X11Ddw-L Firmware
X11Dgq Firmware
X11Dpff-Sn Firmware
X11Dpfr-Sn Firmware
X11Dpfr-S Firmware
X11Dpt-Ps Firmware
X11Dpt-B Firmware
X11Dpt-Bh Firmware
X11Dpt-L Firmware

Affected Vendors

68 / 100 · high-risk
Severity 33/34 · Critical
Exploitability 2/34 · Minimal
Exposure 33/34 · Critical