CVE-2023-40290
📋 TL;DR
This Cross-Site Scripting (XSS) vulnerability affects Supermicro X11SSM-F, X11SAE-F, and X11SSE-F BMC/IPMI firmware version 1.66. Attackers can inject malicious scripts that execute in Internet Explorer 11 on Windows when users access the BMC web interface, potentially compromising BMC credentials and control.
💻 Affected Systems
- Supermicro X11SSM-F
- Supermicro X11SAE-F
- Supermicro X11SSE-F
📦 What is this software?
- Supermicro X11SAE-F firmware
- Supermicro X11SSE-F firmware
- Supermicro X11SSM-F firmware
⚠️ Risk & Real-World Impact
Worst Case
Full BMC compromise allowing an attacker to execute arbitrary commands, modify firmware, access the host system, or cause denial of service through BMC manipulation.
Likely Case
Session hijacking, credential theft, or unauthorized BMC configuration changes leading to partial system compromise.
If Mitigated
Limited impact with proper network segmentation, browser restrictions, and authentication controls preventing successful exploitation.
🎯 Exploit Status
Requires user interaction (visiting a malicious link or page) and Internet Explorer 11 on Windows. No authentication bypass is involved, but the victim must be logged into the BMC interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to firmware version 1.67 or later
Vendor Advisory: https://www.supermicro.com/en/support/security_BMC_IPMI_Oct_2023
Restart Required: Yes
Instructions:
1. Download the latest firmware from the Supermicro support site.
2. Log into the BMC web interface.
3. Navigate to Maintenance > Firmware Update.
4. Upload the firmware file.
5. Apply the update and wait for the automatic reboot.
🔧 Temporary Workarounds
Restrict BMC Interface Access
Limit BMC network access to the management VLAN only and restrict it to authorized IPs
Browser Restrictions
Block Internet Explorer 11 from reaching the BMC interface, or enforce use of a modern browser
🧯 If You Can't Patch
- Isolate BMC management network from user networks and internet
- Implement strict access controls and monitor BMC interface access logs
🔍 How to Verify
Check if Vulnerable:
Check BMC firmware version in web interface under Maintenance > Firmware Information
Check Version:
ipmitool mc info | grep 'Firmware Revision' (Linux) or check web interface
Verify Fix Applied:
Confirm firmware version shows 1.67 or higher after update
📡 Detection & Monitoring
Log Indicators:
- Unusual BMC web interface access patterns
- Multiple failed login attempts followed by script-like requests
Network Indicators:
- HTTP requests with suspicious script tags or encoded payloads to BMC IP
SIEM Query:
source="BMC_logs" AND (http_uri CONTAINS "<script>" OR http_uri CONTAINS "javascript:")
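The SIEM query above matches literal "<script>" and "javascript:" in the request URI, which misses percent-encoded and double-encoded payloads. The following added example (not from the advisory or from Supermicro) applies the same terms, plus inline event handlers, after bounded URL decoding; the log layout "client_ip method uri status", the .cgi paths and the log lines themselves are constructed for illustration.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed BMC web access log lines (not real Supermicro logs); the
# "client_ip method uri status" layout and the .cgi paths are assumptions.
SAMPLE_LOG = """\
10.0.5.21 GET /cgi/page.cgi?name=topmenu 200
10.0.5.21 GET /cgi/login.cgi 200
192.168.9.14 GET /cgi/page.cgi?name=%3Cscript%3Ex%3C%2Fscript%3E 200
192.168.9.14 GET /cgi/page.cgi?name=%253Cscript%253E 200
192.168.9.14 GET /cgi/page.cgi?redirect=javascript%3Avoid(0) 200
10.0.5.33 GET /cgi/page.cgi?name=sys_info 200
"""

# Same terms as the advisory's SIEM query, plus inline event handlers,
# matched after decoding so percent-encoded payloads are not missed.
XSS_PATTERNS = [
    re.compile(r"<\s*script", re.IGNORECASE),
    re.compile(r"javascript\s*:", re.IGNORECASE),
    re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE),
]
LOG_RE = re.compile(r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<uri>\S+) (?P<status>\d{3})$")


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (bounded) so %253C... collapses to <."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_xss_requests(log_text: str) -> List[Dict[str, object]]:
    """Return one record per request whose decoded URI matches an XSS pattern."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        decoded = fully_decode(m["uri"])
        matched = [p.pattern for p in XSS_PATTERNS if p.search(decoded)]
        if matched:
            hits.append({"ip": m["ip"], "uri": m["uri"],
                         "decoded": decoded, "patterns": matched})
    return hits


if __name__ == "__main__":
    for hit in find_xss_requests(SAMPLE_LOG):
        print(hit["ip"], hit["decoded"], hit["patterns"])
```

Feed real BMC access logs through find_xss_requests after adjusting LOG_RE to the actual field layout; the decoded URI in each hit is what to review.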