An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code execution on a BMC.
Metrics
No CVSS v4.0
Attack Vector Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
User Interaction None
No CVSS v3.0
No CVSS v2
This CVE is not in the KEV list.
The EPSS score is 0.08102.
Exploitation none
Automatable yes
Technical Impact total
Affected Vendors & Products
Vendors | Products |
---|---|
Supermicro |
|
No data.
No data.
No data.
Advisories
Source | ID | Title |
---|---|---|
![]() |
EUVD-2024-36083 | An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code execution on a BMC. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-02T03:37:05.220Z
Reserved: 2024-05-27T00:00:00
Link: CVE-2024-36435

Updated: 2024-07-22T14:00:43.844Z

Status : Awaiting Analysis
Published: 2024-07-11T21:15:12.507
Modified: 2024-11-21T09:22:10.433
Link: CVE-2024-36435

No data.

No data.