CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

supermicro

b10drt_firmware

3 known vulnerabilities · sorted by CVSS score

CVE-2019-16650

CRITICAL10.0

On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC.

supermicro / x11dai-n_firmware+264

Network

Published Sep 21, 2019

CVE-2019-16649

CRITICAL10.0

On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC.

supermicro / x10drt-libq_firmware+337

Network

Published Sep 21, 2019

CVE-2018-13787

MEDIUM6.7

Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware.

supermicro / x11ssz_firmware+109

Local

Published Jul 9, 2018