CVE-2023-35861
📋 TL;DR
CVE-2023-35861 is a shell injection vulnerability in Supermicro motherboard BMC email notifications that allows remote attackers to execute arbitrary commands as root. This affects Supermicro H12DST-B motherboards with BMC firmware before version 03.10.35. Attackers can gain complete control over the BMC, which manages the server hardware.
💻 Affected Systems
- Supermicro H12DST-B motherboards
📦 What is this software?
H12dgo 6 Firmware by Supermicro
H12dst B Firmware by Supermicro
H12ssl C Firmware by Supermicro
H12ssl I Firmware by Supermicro
H13dsh Firmware by Supermicro
H13srd F Firmware by Supermicro
H13ssf Firmware by Supermicro
H13ssh Firmware by Supermicro
H13ssl N Firmware by Supermicro
H13sst G Firmware by Supermicro
H13ssw Firmware by Supermicro
X12dgo 6 Firmware by Supermicro
X12dgq R Firmware by Supermicro
X12dgu Firmware by Supermicro
X12dhm 6 Firmware by Supermicro
X12dpu 6 Firmware by Supermicro
X12dsc 6 Firmware by Supermicro
X12qch+ Firmware by Supermicro
X12sae 5 Firmware by Supermicro
X12sae Firmware by Supermicro
X12sca F Firmware by Supermicro
X12scq Firmware by Supermicro
X12scv W Firmware by Supermicro
X12scz F Firmware by Supermicro
X12spl F Firmware by Supermicro
X12spo F Firmware by Supermicro
X12spt G Firmware by Supermicro
X12spw F Firmware by Supermicro
X12std F Firmware by Supermicro
X12ste F Firmware by Supermicro
X12sth F Firmware by Supermicro
X12stl F Firmware by Supermicro
X12stn C Firmware by Supermicro
X12stn E Firmware by Supermicro
X12stn H Firmware by Supermicro
X12stn L Firmware by Supermicro
X12stw F Firmware by Supermicro
X13dai T Firmware by Supermicro
X13ddw A Firmware by Supermicro
X13dei Firmware by Supermicro
X13dei T Firmware by Supermicro
X13dem Firmware by Supermicro
X13det B Firmware by Supermicro
X13dgu Firmware by Supermicro
X13dsf A Firmware by Supermicro
X13qeh+ Firmware by Supermicro
X13sae F Firmware by Supermicro
X13sae Firmware by Supermicro
X13san C Firmware by Supermicro
X13san E Firmware by Supermicro
X13san H Firmware by Supermicro
X13san L Firmware by Supermicro
X13saq Firmware by Supermicro
X13saz F Firmware by Supermicro
X13saz Q Firmware by Supermicro
X13sei F Firmware by Supermicro
X13sem F Firmware by Supermicro
X13set G Firmware by Supermicro
X13sew F Firmware by Supermicro
X13srn E Firmware by Supermicro
X13srn H Firmware by Supermicro
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of BMC with root access, allowing attackers to install persistent backdoors, manipulate hardware settings, intercept traffic, or brick the server.
Likely Case
Remote code execution leading to data theft, lateral movement within the network, or cryptomining deployment.
If Mitigated
Limited impact if network segmentation isolates BMC interfaces and strict access controls are implemented.
🎯 Exploit Status
Exploit requires network access to BMC interface. Public technical details available in security blogs.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: BMC firmware 03.10.35 or later
Vendor Advisory: https://www.supermicro.com/en/support/security_SMTP_Jun_2023
Restart Required: Yes
Instructions:
1. Download latest BMC firmware from Supermicro support site.
2. Log into BMC web interface.
3. Navigate to Maintenance > Firmware Update.
4. Upload and apply firmware update.
5. Reboot BMC after update completes.
🔧 Temporary Workarounds
Disable SMTP/Email Notifications
Linux: Temporarily disable the email notification feature to close off the exploitation vector
ipmitool raw 0x32 0x6a 0x20 0x00 0x00 0x00 0x00 0x00 0x00 0x00
Network Segmentation
All platforms: Isolate BMC interfaces on a dedicated management network
🧯 If You Can't Patch
- Implement strict network access controls to BMC interfaces (firewall rules, VLAN segmentation)
- Disable SMTP/email notification functionality in BMC settings
🔍 How to Verify
Check if Vulnerable:
Check BMC firmware version via web interface or IPMI command: ipmitool mc info | grep 'Firmware Revision'
Check Version:
ipmitool mc info | grep 'Firmware Revision'
Verify Fix Applied:
Confirm firmware version is 03.10.35 or higher using same command
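The version check above, as an added example that is not from the vendor or the original page: it classifies a firmware string against the fixed release 03.10.35 named here. `ipmitool mc info` prints the revision as major.minor only, so a reading of 3.10 is reported as unknown until the build number is confirmed in the web interface. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a BMC firmware version against the fixed release
# this page names (03.10.35). All function names here are hypothetical.
FIXED="03.10.35"

# Strip leading zeros so zero-padded fields (03, 08) are compared as plain
# decimal, never as octal.
num() { n=$(printf '%s' "$1" | sed 's/^0*//'); printf '%s' "${n:-0}"; }

# Extract the version from `ipmitool mc info` output supplied on stdin.
fw_from_mc_info() {
    sed -n 's/^Firmware Revision[[:space:]]*:[[:space:]]*//p' | head -n 1
}

# Print patched, vulnerable or unknown for a version such as 03.10.35 or 3.10.
bmc_fw_status() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;; esac
    v="$1.."   # padding so cut yields empty fields for missing components
    i=1
    while [ "$i" -le 3 ]; do
        have=$(printf '%s' "$v" | cut -d. -f"$i")
        want=$(printf '%s' "$FIXED" | cut -d. -f"$i")
        # ipmitool prints only major.minor, so a tie on those two fields
        # cannot be decided without the build number from the web interface.
        if [ -z "$have" ]; then echo unknown; return 0; fi
        have=$(num "$have"); want=$(num "$want")
        if [ "$have" -gt "$want" ]; then echo patched; return 0; fi
        if [ "$have" -lt "$want" ]; then echo vulnerable; return 0; fi
        i=$((i + 1))
    done
    echo patched   # identical to the fixed release
}

# Constructed sample of `ipmitool mc info` output (not captured from a device).
SAMPLE_MC_INFO='Device ID                 : 32
Firmware Revision         : 3.10
IPMI Version              : 2.0'

for ver in 03.10.34 03.10.35 3.08 \
    "$(printf '%s\n' "$SAMPLE_MC_INFO" | fw_from_mc_info)"; do
    printf '%-9s %s\n' "$ver" "$(bmc_fw_status "$ver")"
done
```

The 03.10.35 threshold is the one this page gives for the H12DST-B; other boards in the list above may have different fixed releases, so set `FIXED` from the vendor advisory for each model.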
📡 Detection & Monitoring
Log Indicators:
- Unusual BMC login attempts
- SMTP configuration changes in BMC logs
- Unexpected command execution in BMC audit logs
Network Indicators:
- Unusual traffic to BMC IPMI port (623/UDP, 443/TCP)
- SMTP traffic from BMC to unexpected destinations
SIEM Query:
source="BMC" AND (event="configuration_change" OR event="command_execution")
🔗 References
- https://blog.freax13.de/cve/cve-2023-35861
- https://www.supermicro.com/en/products/motherboards
- https://www.supermicro.com/en/support/security_SMTP_Jun_2023