CVE-2023-33412
📋 TL;DR
This vulnerability allows remote authenticated users to execute arbitrary commands on Supermicro X11 and M11 based devices via crafted requests to vulnerable CGI endpoints in the IPMI/BMC web interface. It affects Supermicro devices with firmware versions before 3.17.02. Attackers with valid credentials can achieve remote code execution on the baseboard management controller.
💻 Affected Systems
- Supermicro X11 based devices
- Supermicro M11 based devices
📦 What is this software?
B12dpe 6 Firmware by Supermicro
B12dpt 6 Firmware by Supermicro
B13dee Firmware by Supermicro
B13det Firmware by Supermicro
B13seg Firmware by Supermicro
H12dgo 6 Firmware by Supermicro
H12dst B Firmware by Supermicro
H12ssl C Firmware by Supermicro
H12ssl I Firmware by Supermicro
H13dsh Firmware by Supermicro
H13sra F Firmware by Supermicro
H13srd F Firmware by Supermicro
H13ssf Firmware by Supermicro
H13ssh Firmware by Supermicro
H13ssl N Firmware by Supermicro
H13sst G Firmware by Supermicro
H13ssw Firmware by Supermicro
H13svw N Firmware by Supermicro
X11dac Firmware by Supermicro
X11dai N Firmware by Supermicro
X11ddw L Firmware by Supermicro
X11dgo T Firmware by Supermicro
X11dgq Firmware by Supermicro
X11dpd L Firmware by Supermicro
X11dph I Firmware by Supermicro
X11dph T Firmware by Supermicro
X11dpi N Firmware by Supermicro
X11dpl I Firmware by Supermicro
X11dpt B Firmware by Supermicro
X11dpt L Firmware by Supermicro
X11dpu Firmware by Supermicro
X11dpu R Firmware by Supermicro
X11dpu V Firmware by Supermicro
X11dpx T Firmware by Supermicro
X11dsc Firmware by Supermicro
X11dsf E Firmware by Supermicro
X11qph+ Firmware by Supermicro
X11qpl Firmware by Supermicro
X11saa Firmware by Supermicro
X11sae F Firmware by Supermicro
X11sae Firmware by Supermicro
X11sae M Firmware by Supermicro
X11san Firmware by Supermicro
X11sat F Firmware by Supermicro
X11sat Firmware by Supermicro
X11sba F Firmware by Supermicro
X11sca F Firmware by Supermicro
X11sca Firmware by Supermicro
X11sca W Firmware by Supermicro
X11scd F Firmware by Supermicro
X11sce F Firmware by Supermicro
X11sch F Firmware by Supermicro
X11scl F Firmware by Supermicro
X11scm F Firmware by Supermicro
X11scq Firmware by Supermicro
X11scq L Firmware by Supermicro
X11scv L Firmware by Supermicro
X11scv Q Firmware by Supermicro
X11scw F Firmware by Supermicro
X11scz F Firmware by Supermicro
X11scz Q Firmware by Supermicro
X11spa T Firmware by Supermicro
X11spd F Firmware by Supermicro
X11spl F Firmware by Supermicro
X11spm F Firmware by Supermicro
X11sra F Firmware by Supermicro
X11sra Firmware by Supermicro
X11srl F Firmware by Supermicro
X11srm F Firmware by Supermicro
X11ssa F Firmware by Supermicro
X11ssd F Firmware by Supermicro
X11sse F Firmware by Supermicro
X11ssh F Firmware by Supermicro
X11ssl F Firmware by Supermicro
X11ssl Firmware by Supermicro
X11ssm F Firmware by Supermicro
X11ssm Firmware by Supermicro
X11ssn E Firmware by Supermicro
X11ssn H Firmware by Supermicro
X11ssn L Firmware by Supermicro
X11ssq Firmware by Supermicro
X11ssq L Firmware by Supermicro
X11ssv Q Firmware by Supermicro
X11ssw F Firmware by Supermicro
X11ssz F Firmware by Supermicro
X11swn C Firmware by Supermicro
X11swn E Firmware by Supermicro
X11swn H Firmware by Supermicro
X11swn L Firmware by Supermicro
X12dgo 6 Firmware by Supermicro
X12dgq R Firmware by Supermicro
X12dgu Firmware by Supermicro
X12dhm 6 Firmware by Supermicro
X12dpu 6 Firmware by Supermicro
X12dsc 6 Firmware by Supermicro
X12qch+ Firmware by Supermicro
X12sae 5 Firmware by Supermicro
X12sae Firmware by Supermicro
X12sca F Firmware by Supermicro
X12scq Firmware by Supermicro
X12scv W Firmware by Supermicro
X12scz F Firmware by Supermicro
X12spl F Firmware by Supermicro
X12spo F Firmware by Supermicro
X12spt G Firmware by Supermicro
X12spw F Firmware by Supermicro
X12std F Firmware by Supermicro
X12ste F Firmware by Supermicro
X12sth F Firmware by Supermicro
X12stl F Firmware by Supermicro
X12stn C Firmware by Supermicro
X12stn E Firmware by Supermicro
X12stn H Firmware by Supermicro
X12stn L Firmware by Supermicro
X12stw F Firmware by Supermicro
X13dai T Firmware by Supermicro
X13ddw A Firmware by Supermicro
X13deh Firmware by Supermicro
X13dei Firmware by Supermicro
X13dei T Firmware by Supermicro
X13dem Firmware by Supermicro
X13det B Firmware by Supermicro
X13dgu Firmware by Supermicro
X13dsf A Firmware by Supermicro
X13qeh+ Firmware by Supermicro
X13sae F Firmware by Supermicro
X13sae Firmware by Supermicro
X13san C Firmware by Supermicro
X13san E Firmware by Supermicro
X13san H Firmware by Supermicro
X13san L Firmware by Supermicro
X13saq Firmware by Supermicro
X13saz F Firmware by Supermicro
X13saz Q Firmware by Supermicro
X13sei F Firmware by Supermicro
X13sem F Firmware by Supermicro
X13set G Firmware by Supermicro
X13sew F Firmware by Supermicro
X13srn E Firmware by Supermicro
X13srn H Firmware by Supermicro
⚠️ Risk & Real-World Impact
Worst Case
Full compromise of BMC allowing persistent access, firmware modification, hardware manipulation, and lateral movement to connected servers.
Likely Case
Unauthorized command execution on BMC leading to data exfiltration, denial of service, or credential harvesting.
If Mitigated
Limited impact if strong authentication, network segmentation, and access controls prevent exploitation attempts.
🎯 Exploit Status
Exploitation requires valid credentials to the IPMI/BMC interface. Credential harvesting or brute force attacks could enable exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.17.02 or later
Vendor Advisory: https://www.supermicro.com/en/support/security_BMC_Dec_2023
Restart Required: Yes
Instructions:
1. Download the firmware update from the Supermicro support portal.
2. Access the IPMI/BMC web interface with admin credentials.
3. Navigate to Maintenance > Firmware Update.
4. Upload the firmware file and follow the update process.
5. The system will reboot automatically.
🔧 Temporary Workarounds
Network Segmentation
Isolate IPMI/BMC interfaces from untrusted networks and restrict access to management VLANs only.
Access Control Restrictions
Implement strict access controls, strong authentication, and limit administrative access to IPMI/BMC interfaces.
🧯 If You Can't Patch
- Implement network segmentation to isolate BMC interfaces from production networks
- Enforce strong authentication policies and monitor for brute force attempts
🔍 How to Verify
Check if Vulnerable:
Check the BMC firmware version in the IPMI web interface under Information > BMC Information, or from the host with ipmitool: ipmitool mc info | grep 'Firmware Revision'
Check Version:
ipmitool mc info | grep 'Firmware Revision'
Verify Fix Applied:
Verify that the firmware version is 3.17.02 or later using the same methods as above.
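As an added example, not from this advisory or from Supermicro, the check below parses `ipmitool mc info` output and compares the reported Firmware Revision against the fixed release 3.17.02. The sample output is constructed, and the function and variable names are this example's own; the remark that `mc info` usually shows only a major.minor version is an assumption, so treat a bare "3.17" as something to confirm in the web UI.

```shell
#!/bin/sh
# Added example, not from the advisory or Supermicro: parse `ipmitool mc info`
# output and decide whether the BMC firmware predates the fixed release 3.17.02.
# Real-device usage once the functions are defined:  check_bmc "$(ipmitool mc info)"
FIXED_VERSION="3.17.02"

# Print the dotted version from the "Firmware Revision : X.Y" line in $1 (or nothing).
parse_fw_revision() {
    printf '%s\n' "$1" |
        sed -n 's/^Firmware Revision[[:space:]]*:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' |
        head -n 1
}

# Compare up to four numeric dotted fields of $1 against $2; print -1, 0 or 1.
# Missing fields count as 0, so the bare major.minor "3.17" that `mc info` usually
# shows ranks below 3.17.02: confirm such a result in the web UI (BMC Information).
vercmp() {
    i=1
    while [ "$i" -le 4 ]; do
        x=$(printf '%s.\n' "$1" | cut -d. -f"$i" | sed 's/^0*//')
        y=$(printf '%s.\n' "$2" | cut -d. -f"$i" | sed 's/^0*//')
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return 0; fi
        if [ "$x" -gt "$y" ]; then printf '%s\n' 1; return 0; fi
        i=$((i + 1))
    done
    printf '%s\n' 0
}

# Exit 0 when $1 is older than the fixed version.
is_vulnerable_version() {
    [ "$(vercmp "$1" "$FIXED_VERSION")" -lt 0 ]
}

# Print a verdict for the ipmitool output in $1; exit 1 if vulnerable, 2 if unparsable.
check_bmc() {
    ver=$(parse_fw_revision "$1")
    [ -n "$ver" ] || { echo "no Firmware Revision line found" >&2; return 2; }
    if is_vulnerable_version "$ver"; then
        echo "BMC firmware $ver < $FIXED_VERSION: vulnerable to CVE-2023-33412, update it"
        return 1
    fi
    echo "BMC firmware $ver >= $FIXED_VERSION: fixed"
}

# Constructed sample of `ipmitool mc info` output, not captured from a real device.
SAMPLE_OUTPUT='Device ID                 : 32
Firmware Revision         : 3.15
Manufacturer Name         : Super Micro Computer Inc.'
check_bmc "$SAMPLE_OUTPUT" || true   # sample is 3.15, so the verdict is "vulnerable"
```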
📡 Detection & Monitoring
Log Indicators:
- Unusual CGI endpoint access in BMC logs
- Multiple failed authentication attempts followed by successful login
- Unexpected command execution patterns
Network Indicators:
- Unusual traffic to IPMI/BMC web interface CGI endpoints
- Suspicious POST requests to CGI scripts
SIEM Query:
source="BMC_logs" AND (uri="*.cgi" OR method="POST") AND status="200"