CVE-2024-36435 - Vulnerability Details

Description

An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code execution on a BMC.

Published: 2024-07-11

Score: 9.8 Critical

EPSS: 12.9% Moderate

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-36083	An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code execution on a BMC.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.1287.

Exploitation none

Automatable yes

Technical Impact total

References

Link	Providers
https://www.supermicro.com/zh_tw/support/security_BMC_IPMI_Jul_2024

History

No history.

Subscriptions

Supermicro B12dpe-6 Firmware B12dpt-6 Firmware B12spe-cpu-25g Firmware B13dee Firmware B13det Firmware B13see-cpu-25g Firmware B13seg Firmware H12dgo-6 Firmware H12dgq-nt6 Firmware H12dsg-o-cpu Firmware H12dsg-q-cpu6 Firmware H12dsi-n6 Firmware H12dsi-nt6 Firmware H12dst-b Firmware H12dsu-in Firmware H12dsu-inr Firmware H12ssff-an6 Firmware H12ssfr-an6 Firmware H12ssg-an6 Firmware H12ssg-anp6 Firmware H12ssl-c Firmware H12ssl-i Firmware H12ssl-nt Firmware H12sst-ps Firmware H12ssw-an6 Firmware H12ssw-in Firmware H12ssw-inl Firmware H12ssw-inr Firmware H12ssw-nt Firmware H12ssw-ntl Firmware H12ssw-ntr Firmware H13dsg-o-cpu-d Firmware H13dsg-o-cpu Firmware H13dsg-om Firmware H13dsh Firmware H13sae-mf Firmware H13sra-f Firmware H13sra-tf Firmware H13srd-f Firmware H13ssf Firmware H13ssh Firmware H13ssl-n Firmware H13ssl-nt Firmware H13sst-g Firmware H13sst-gc Firmware H13ssw Firmware H13svw-n Firmware H13svw-nt Firmware X11dac Firmware X11dai-n Firmware X11ddw-l Firmware X11ddw-nt Firmware X11dgo-t Firmware X11dgq Firmware X11dpd-l Firmware X11dpd-m25 Firmware X11dpff-sn Firmware X11dpff-snr Firmware X11dpfr-s Firmware X11dpfr-sn Firmware X11dpg-hgx2 Firmware X11dpg-ot-cpu Firmware X11dpg-qt Firmware X11dpg-sn Firmware X11dph-i Firmware X11dph-t Firmware X11dph-tq Firmware X11dpi-n Firmware X11dpi-nt Firmware X11dpl-i Firmware X11dps-re Firmware X11dpt-b Firmware X11dpt-bh Firmware X11dpt-br Firmware X11dpt-l Firmware X11dpt-ps Firmware X11dpu-r Firmware X11dpu-v Firmware X11dpu-x Firmware X11dpu-xll Firmware X11dpu-z\+ Firmware X11dpu-ze\+ Firmware X11dpu Firmware X11dpx-t Firmware X11dsc\+ Firmware X11dsc Firmware X11dsf-e Firmware X11dsn-ts Firmware X11dsn-tsq Firmware X11opi-cpu-cl Firmware X11opi-cpu Firmware X11pdg-ot Firmware X11pdg-qt Firmware X11pdg-sn Firmware X11qph\+ Firmware X11qpl Firmware X11saa Firmware X11sae-f Firmware X11sae-m Firmware X11sae Firmware X11sae M Firmware X11san-wohs Firmware X11san Firmware X11sat-f Firmware X11sat Firmware X11sba-f Firmware X11sba-ln4f Firmware X11sba Firmware X11sca-f Firmware X11sca-w Firmware X11sca Firmware X11scd-f Firmware X11sce-f Firmware X11sch-f Firmware X11sch-ln4f Firmware X11scl-f Firmware X11scl-if Firmware X11scl-ln4f Firmware X11scm-f Firmware X11scm-ln8f Firmware X11scq-l Firmware X11scq Firmware X11scv-l Firmware X11scv-q Firmware X11scz-f Firmware X11scz-q Firmware X11sdc-16c Firmware X11sdc-4c Firmware X11sdc-8c Firmware X11sdd-18c-f Firmware X11sdd-8c-f Firmware X11sds-12c Firmware X11sds-14c Firmware X11sds-16c Firmware X11sds-8c Firmware X11sdv-12c-tln2f Firmware X11sdv-12c-tp8f Firmware X11sdv-16c-tln2f Firmware X11sdv-16c-tp8f Firmware X11sdv-16c\+-tln2f Firmware X11sdv-4c-tln2f Firmware X11sdv-4c-tp8f-01 Firmware X11sdv-4c-tp8f Firmware X11sdv-8c-tln2f Firmware X11sdv-8c-tp8f Firmware X11sdv-8c\+-tln2f Firmware X11sdw-12c-tp13f Firmware X11sdw-14c-tp13f Firmware X11sdw-14cn-tp13f\+ Firmware X11sdw-14cnt-tp13f Firmware X11sdw-16c-tp13f\+ Firmware X11sdw-16c-tp13f Firmware X11sdw-4c-tp13f\+ Firmware X11sdw-4c-tp13f Firmware X11sdw-8c-tp13f Firmware X11spa-t Firmware X11spa-tf Firmware X11spd-f Firmware X11spg-tf Firmware X11sph-nctf Firmware X11sph-nctpf Firmware X11spi-tf Firmware X11spl-f Firmware X11spm-f Firmware X11spm-tf Firmware X11spm-tpf Firmware X11spw-ctf Firmware X11spw-tf Firmware X11sra-f Firmware X11sra-rf Firmware X11sra Firmware X11sri-if Firmware X11srl-f Firmware X11srm-f Firmware X11srm-vf Firmware X11srm Firmware X11ssa-f Firmware X11ssd-f Firmware X11sse-f Firmware X11ssh-ctf Firmware X11ssh-f Firmware X11ssh-gf-1585 Firmware X11ssh-gf-1585l Firmware X11ssh-gtf-1585 Firmware X11ssh-gtf-1585l Firmware X11ssh-ln4f Firmware X11ssh-tf Firmware X11ssi-ln4f Firmware X11ssl-cf Firmware X11ssl-f Firmware X11ssl-nf Firmware X11ssl Firmware X11ssm-f Firmware X11ssm Firmware X11ssn-e-001 Firmware X11ssn-e-vdc Firmware X11ssn-e-wohs Firmware X11ssn-e Firmware X11ssn-h-001 Firmware X11ssn-h-vdc Firmware X11ssn-h-wohs Firmware X11ssn-h Firmware X11ssn-l-001 Firmware X11ssn-l-vdc Firmware X11ssn-l-wohs Firmware X11ssn-l Firmware X11ssn Firmware X11ssq-l Firmware X11ssq Firmware X11ssql Firmware X11ssv-lvds Firmware X11ssv-m4 Firmware X11ssv-m4f Firmware X11ssv-q Firmware X11ssw-4tf Firmware X11ssw-f Firmware X11ssw-tf Firmware X11ssz-f Firmware X11ssz-qf Firmware X11ssz Firmware X11swn-c-wohs Firmware X11swn-e-wohs Firmware X11swn-e Firmware X11swn-h-wohs Firmware X11swn-h Firmware X11swn-l-wohs Firmware X11swn-l Firmware X12dai-n6 Firmware X12ddw-a6 Firmware X12dgo-6 Firmware X12dgq-r Firmware X12dgu Firmware X12dhm-6 Firmware X12dpd-a6m25 Firmware X12dpfr-an6 Firmware X12dpg-ar Firmware X12dpg-oa6-gd2 Firmware X12dpg-oa6 Firmware X12dpg-qbt6 Firmware X12dpg-qr Firmware X12dpg-qt6 Firmware X12dpg-u6 Firmware X12dpi-n6 Firmware X12dpi-nt6 Firmware X12dpl-i6 Firmware X12dpl-nt6 Firmware X12dpt-b6 Firmware X12dpt-pt46 Firmware X12dpt-pt6 Firmware X12dpu-6 Firmware X12qch\+ Firmware X12sae-5 Firmware X12sae Firmware X12sca-5f Firmware X12sca-f Firmware X12scq Firmware X12scv-lvds Firmware X12scv-w Firmware X12scz-f Firmware X12scz-qf Firmware X12scz-tln4f Firmware X12sdv-10c-sp6f Firmware X12sdv-10c-spt4f Firmware X12sdv-14c-spt8f Firmware X12sdv-16c-spt8f Firmware X12sdv-20c-spt8f Firmware X12sdv-4c-sp6f Firmware X12sdv-4c-spt4f Firmware X12sdv-4c-spt8f Firmware X12sdv-8c-sp6f Firmware X12sdv-8c-spt4f Firmware X12sdv-8c-spt8f Firmware X12sdv-8ce-sp4f Firmware X12spa-tf Firmware X12sped-f Firmware X12spg-nf Firmware X12spi-tf Firmware X12spl-f Firmware X12spl-ln4f Firmware X12spm-ln4f Firmware X12spm-ln6tf Firmware X12spm-tf Firmware X12spo-f Firmware X12spo-ntf Firmware X12spt-g Firmware X12spt-gc Firmware X12spt-pt Firmware X12spw-f Firmware X12spw-tf Firmware X12spz-ln4f Firmware X12spz-spln6f Firmware X12std-f Firmware X12ste-f Firmware X12sth-f Firmware X12sth-ln4f Firmware X12sth-sys Firmware X12stl-f Firmware X12stl-if Firmware X12stn-c-wohs Firmware X12stn-c Firmware X12stn-e-wohs Firmware X12stn-e Firmware X12stn-h-wohs Firmware X12stn-h Firmware X12stn-l-wohs Firmware X12stn-l Firmware X12stw-f Firmware X12stw-tf Firmware X13dai-t Firmware X13ddw-a Firmware X13deg-oa Firmware X13deg-oad Firmware X13deg-pvc Firmware X13deg-qt Firmware X13deh Firmware X13dei-t Firmware X13dei Firmware X13dem Firmware X13det-b Firmware X13dgu Firmware X13dsf-a Firmware X13qeh\+ Firmware X13sae-f Firmware X13sae Firmware X13san-c-wohs Firmware X13san-c Firmware X13san-e-wohs Firmware X13san-e Firmware X13san-h-wohs Firmware X13san-h Firmware X13san-l-wohs Firmware X13san-l Firmware X13saq Firmware X13sav-lvds Firmware X13sav-ps Firmware X13saz-f Firmware X13saz-q Firmware X13sedw-f Firmware X13seed-f Firmware X13seed-sf Firmware X13sefr-a Firmware X13sei-f Firmware X13sei-tf Firmware X13sem-f Firmware X13sem-tf Firmware X13set-g Firmware X13set-gc Firmware X13sew-f Firmware X13sew-tf Firmware X13sra-tf Firmware X13srn-e-wohs Firmware X13srn-e Firmware X13srn-h-wohs Firmware X13srn-h Firmware X13swa-tf Firmware

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-07-11T00:00:00.000Z

Updated: 2024-08-02T03:37:05.220Z

Reserved: 2024-05-27T00:00:00.000Z

Link: CVE-2024-36435

Vulnrichment

Updated: 2024-08-02T03:37:05.220Z

NVD

Status : Deferred

Published: 2024-07-11T21:15:12.507

Modified: 2026-04-15T00:35:42.020

Link: CVE-2024-36435

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-121

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object