CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-19642

On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareName. The attacker can achieve a persistent backdoor.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.26

EPSS Ranking 96.1%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

https://www.dark-sec.net/2019/12/supermicro-ipmi-exploitation.html
https://www.dark-sec.net/2019/12/supermicro-ipmi-exploitation.html

Products affected by CVE-2019-19642

Supermicro » X8sti-F » Version: N/A

cpe:2.3:h:supermicro:x8sti-f:-
Supermicro » X8sti-F Bios » Version: 02.68

cpe:2.3:o:supermicro:x8sti-f_bios:02.68
Supermicro » X8sti-F Firmware » Version: 2.06

cpe:2.3:o:supermicro:x8sti-f_firmware:2.06

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-19642

Products

Pricing

Contact Us