CVE-2023-40288

8.3 HIGH

📋 TL;DR

This Cross-Site Scripting (XSS) vulnerability affects Supermicro X11SSM-F, X11SAE-F, and X11SSE-F devices running firmware version 1.66. An attacker could inject malicious scripts into web interfaces, potentially compromising BMC/IPMI management systems. Organizations using these specific Supermicro server boards with vulnerable firmware are affected.

💻 Affected Systems

Products:
  • Supermicro X11SSM-F
  • Supermicro X11SAE-F
  • Supermicro X11SSE-F
Versions: Firmware version 1.66
Operating Systems: Any OS using affected BMC/IPMI firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the BMC/IPMI web management interface specifically. Requires access to the management interface to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of the BMC/IPMI management interface leading to server control takeover, credential theft, and lateral movement within the network.

🟠 Likely Case: Session hijacking, credential theft, and unauthorized access to server management functions through the web interface.

🟢 If Mitigated: Limited impact with proper network segmentation and access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

XSS vulnerabilities typically have low exploitation complexity once discovered. Exploitation requires the attacker to have access to the management interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://www.supermicro.com/en/support/security_BMC_IPMI_Oct_2023

Restart Required: Yes

Instructions:

1. Download the latest firmware from the Supermicro support site.
2. Back up the current configuration.
3. Update the BMC/IPMI firmware via the web interface or IPMI tool.
4. Verify update completion and functionality.

🔧 Temporary Workarounds

Network Segmentation (all)

Isolate BMC/IPMI management interfaces from untrusted networks

Access Control Restrictions (all)

Implement strict access controls and authentication for management interfaces

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate BMC/IPMI interfaces
  • Enable multi-factor authentication and strong access controls for management interfaces

🔍 How to Verify

Check if Vulnerable:

Check BMC firmware version in web interface or via ipmitool: ipmitool mc info | grep 'Firmware Revision'

Check Version:

ipmitool mc info | grep 'Firmware Revision'

Verify Fix Applied:

Verify that the firmware version has been updated beyond 1.66 and test web interface functionality.
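As an added example (not part of this advisory page or of Supermicro's tooling), the POSIX shell function below parses the `Firmware Revision` line of `ipmitool mc info` and classifies it against the affected version 1.66 named above. The ipmitool output embedded in the block is constructed for demonstration, not a real capture. The version string alone does not identify the board model, and the page does not name the fixed version, so any result other than VULNERABLE should still be confirmed against the vendor advisory.

```shell
#!/bin/sh
# Added example, not from the advisory or Supermicro: classify the BMC firmware
# revision reported by `ipmitool mc info` against the affected version 1.66.
#
# Reads ipmitool output on stdin and prints one of:
#   VULNERABLE  - Firmware Revision is exactly 1.66 (the version listed as affected)
#   NEWER       - later than 1.66 (assumed to include the fix; confirm against the advisory)
#   OLDER       - earlier than 1.66 (not the listed version; confirm against the advisory)
#   UNKNOWN     - no Firmware Revision line found in the input
# Assumption: the revision is "major.minor" with an integer minor, e.g. 1.66 or 1.73.
bmc_fw_status() {
    rev=$(awk -F: '/^Firmware Revision/ { gsub(/[[:space:]]/, "", $2); print $2; exit }')
    [ -n "$rev" ] || { echo UNKNOWN; return 0; }
    echo "$rev" | awk -F. '{
        maj = $1 + 0; min = $2 + 0
        if (maj == 1 && min == 66)                  print "VULNERABLE"
        else if (maj > 1 || (maj == 1 && min > 66)) print "NEWER"
        else                                        print "OLDER"
    }'
}

# Constructed sample in the shape ipmitool prints (not a real capture).
SAMPLE_VULN='Device ID                 : 32
Device Revision           : 1
Firmware Revision         : 1.66
IPMI Version              : 2.0
Manufacturer ID           : 10876
Manufacturer Name         : Supermicro'

# Stand-alone demonstration. On a live host run:  ipmitool mc info | bmc_fw_status
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_VULN" | bmc_fw_status
fi
```

Run with `sh check_bmc.sh --demo` to see the constructed sample classified, or pipe live `ipmitool mc info` output into `bmc_fw_status` on each X11 host being inventoried.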

📡 Detection & Monitoring

Log Indicators:

  • Unusual web interface access patterns
  • Suspicious script injection attempts in web logs

Network Indicators:

  • Unusual traffic to BMC/IPMI management ports (default 443/623)

SIEM Query:

source="BMC_web_logs" AND (event="script_injection" OR event="xss_attempt")
