CVE-2023-34853

high-risk
Published 2023-08-22

Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable.

Do I need to act?

- EPSS score: 0.13% chance of exploitation (low exploit probability)
- Not on CISA KEV list: no confirmed active exploitation reported to CISA
- Patch status unknown: check vendor advisories for fix availability and mitigation guidance
- CVSS 7.8/10 High (LOCAL / LOW complexity)

Affected Products (20)

X12Dai-N6 Firmware
X12Ddw-A6 Firmware
X12Dgo-6 Firmware
X12Dgq-R Firmware
X12Dgu Firmware
X12Dhm-6 Firmware
X12Dpd-A6M25 Firmware
X12Dpfr-An6 Firmware
X12Dpg-Ar Firmware
X12Dpg-Oa6 Firmware
X12Dpg-Oa6-Gd2 Firmware
X12Dpg-Qbt6 Firmware
X12Dpg-Qr Firmware
X12Dpg-Qt6 Firmware
X12Dpg-U6 Firmware
X12Dpi-N6 Firmware
X12Dpi-Nt6 Firmware
X12Dpl-I6 Firmware
X12Dpl-Nt6 Firmware
X12Dpt-B6 Firmware

Affected Vendors

58 / 100 high-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 33/34 · Critical