CVE-2023-33411

high-risk
Published 2023-12-07

A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information.

Do I need to act?

1.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

M11Sdv-4C-Ln4F Firmware
M11Sdv-4Ct-Ln4F Firmware
M11Sdv-8C-Ln4F Firmware
M11Sdv-8Ct-Ln4F Firmware
M11Sdv-8C+-Ln4F Firmware
C9X299-Pg Firmware
C9X299-Pg300 Firmware
C9X299-Pg300F Firmware
C9X299-Pgf Firmware
C9X299-Pgf-L Firmware
C9X299-Rpgf Firmware
C9X299-Rpgf-L Firmware
B13Dee Firmware
B13Det Firmware
B13See-Cpu-25G Firmware
B13Seg Firmware
H13Dsg-O-Cpu Firmware
H13Dsg-O-Cpu-D Firmware
H13Dsg-Om Firmware
H13Dsh Firmware

Affected Vendors

64 / 100
high-risk
Severity 26/34 · High
Exploitability 5/34 · Minimal
Exposure 33/34 · Critical