CVE-2023-40290

HIGHScheduled

Published:Mar 27, 2024(2 years ago)

Modified:Jun 18, 2025

Remote ExploitNo Auth RequiredScope Changes

Vulnerability Description

An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue that affects Internet Explorer 11 on Windows.

Attack Characteristics

Network AccessHigh ComplexityNo Auth NeededUser Interaction Required

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
supermicro	x11ssm-f_firmware	-	-
supermicro	x11sae-f_firmware	-	-
supermicro	x11sse-f_firmware

Timeline

Published
CVE disclosed publicly
Mar 27, 20242 years ago
Last Modified
Most recent update
Jun 18, 202511 months ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

https://www.supermicro.com/en/support/security_BMC_IPMI_Oct_2023Vendor Advisory
https://www.supermicro.com/en/support/security_center#%21advisoriesVendor Advisory
https://www.supermicro.com/en/support/security_BMC_IPMI_Oct_2023Vendor Advisory

CVSS Score

v3.1

8.3/ 10.0

HIGH

AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

At a Glance

Affected Products

References

supermicro / x11ssm-f_firmware

CVE-2023-40290

Vulnerability Description

Attack Characteristics

Affected Software

Timeline

References

CVSS Score

At a Glance

Official Sources

CVSS v3 Vector

Impact Analysis

CVE-2023-40290

✦ Vulnerability Description

Attack Characteristics

Affected Software

Timeline

References

CVSS Score

At a Glance

Official Sources

CVSS v3 Vector

Impact Analysis

Vulnerability Description