CVE-2024-36435 - Vulnerability Details

An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code execution on a BMC.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.1287.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Supermicro Subscribe	B12dpe-6 Firmware Subscribe B12dpt-6 Firmware Subscribe B12spe-cpu-25g Firmware Subscribe B13dee Firmware Subscribe B13det Firmware Subscribe B13see-cpu-25g Firmware Subscribe B13seg Firmware Subscribe H12dgo-6 Firmware Subscribe H12dgq-nt6 Firmware Subscribe H12dsg-o-cpu Firmware Subscribe H12dsg-q-cpu6 Firmware Subscribe H12dsi-n6 Firmware Subscribe H12dsi-nt6 Firmware Subscribe H12dst-b Firmware Subscribe H12dsu-in Firmware Subscribe H12dsu-inr Firmware Subscribe H12ssff-an6 Firmware Subscribe H12ssfr-an6 Firmware Subscribe H12ssg-an6 Firmware Subscribe H12ssg-anp6 Firmware Subscribe H12ssl-c Firmware Subscribe H12ssl-i Firmware Subscribe H12ssl-nt Firmware Subscribe H12sst-ps Firmware Subscribe H12ssw-an6 Firmware Subscribe H12ssw-in Firmware Subscribe H12ssw-inl Firmware Subscribe H12ssw-inr Firmware Subscribe H12ssw-nt Firmware Subscribe H12ssw-ntl Firmware Subscribe H12ssw-ntr Firmware Subscribe H13dsg-o-cpu-d Firmware Subscribe H13dsg-o-cpu Firmware Subscribe H13dsg-om Firmware Subscribe H13dsh Firmware Subscribe H13sae-mf Firmware Subscribe H13sra-f Firmware Subscribe H13sra-tf Firmware Subscribe H13srd-f Firmware Subscribe H13ssf Firmware Subscribe H13ssh Firmware Subscribe H13ssl-n Firmware Subscribe H13ssl-nt Firmware Subscribe H13sst-g Firmware Subscribe H13sst-gc Firmware Subscribe H13ssw Firmware Subscribe H13svw-n Firmware Subscribe H13svw-nt Firmware Subscribe X11dac Firmware Subscribe X11dai-n Firmware Subscribe X11ddw-l Firmware Subscribe X11ddw-nt Firmware Subscribe X11dgo-t Firmware Subscribe X11dgq Firmware Subscribe X11dpd-l Firmware Subscribe X11dpd-m25 Firmware Subscribe X11dpff-sn Firmware Subscribe X11dpff-snr Firmware Subscribe X11dpfr-s Firmware Subscribe X11dpfr-sn Firmware Subscribe X11dpg-hgx2 Firmware Subscribe X11dpg-ot-cpu Firmware Subscribe X11dpg-qt Firmware Subscribe X11dpg-sn Firmware Subscribe X11dph-i Firmware Subscribe X11dph-t Firmware Subscribe X11dph-tq Firmware Subscribe X11dpi-n Firmware Subscribe X11dpi-nt Firmware Subscribe X11dpl-i Firmware Subscribe X11dps-re Firmware Subscribe X11dpt-b Firmware Subscribe X11dpt-bh Firmware Subscribe X11dpt-br Firmware Subscribe X11dpt-l Firmware Subscribe X11dpt-ps Firmware Subscribe X11dpu-r Firmware Subscribe X11dpu-v Firmware Subscribe X11dpu-x Firmware Subscribe X11dpu-xll Firmware Subscribe X11dpu-z\+ Firmware Subscribe X11dpu-ze\+ Firmware Subscribe X11dpu Firmware Subscribe X11dpx-t Firmware Subscribe X11dsc\+ Firmware Subscribe X11dsc Firmware Subscribe X11dsf-e Firmware Subscribe X11dsn-ts Firmware Subscribe X11dsn-tsq Firmware Subscribe X11opi-cpu-cl Firmware Subscribe X11opi-cpu Firmware Subscribe X11pdg-ot Firmware Subscribe X11pdg-qt Firmware Subscribe X11pdg-sn Firmware Subscribe X11qph\+ Firmware Subscribe X11qpl Firmware Subscribe X11saa Firmware Subscribe X11sae-f Firmware Subscribe X11sae-m Firmware Subscribe X11sae Firmware Subscribe X11sae M Firmware Subscribe X11san-wohs Firmware Subscribe X11san Firmware Subscribe X11sat-f Firmware Subscribe X11sat Firmware Subscribe X11sba-f Firmware Subscribe X11sba-ln4f Firmware Subscribe X11sba Firmware Subscribe X11sca-f Firmware Subscribe X11sca-w Firmware Subscribe X11sca Firmware Subscribe X11scd-f Firmware Subscribe X11sce-f Firmware Subscribe X11sch-f Firmware Subscribe X11sch-ln4f Firmware Subscribe X11scl-f Firmware Subscribe X11scl-if Firmware Subscribe X11scl-ln4f Firmware Subscribe X11scm-f Firmware Subscribe X11scm-ln8f Firmware Subscribe X11scq-l Firmware Subscribe X11scq Firmware Subscribe X11scv-l Firmware Subscribe X11scv-q Firmware Subscribe X11scz-f Firmware Subscribe X11scz-q Firmware Subscribe X11sdc-16c Firmware Subscribe X11sdc-4c Firmware Subscribe X11sdc-8c Firmware Subscribe X11sdd-18c-f Firmware Subscribe X11sdd-8c-f Firmware Subscribe X11sds-12c Firmware Subscribe X11sds-14c Firmware Subscribe X11sds-16c Firmware Subscribe X11sds-8c Firmware Subscribe X11sdv-12c-tln2f Firmware Subscribe X11sdv-12c-tp8f Firmware Subscribe X11sdv-16c-tln2f Firmware Subscribe X11sdv-16c-tp8f Firmware Subscribe X11sdv-16c\+-tln2f Firmware Subscribe X11sdv-4c-tln2f Firmware Subscribe X11sdv-4c-tp8f-01 Firmware Subscribe X11sdv-4c-tp8f Firmware Subscribe X11sdv-8c-tln2f Firmware Subscribe X11sdv-8c-tp8f Firmware Subscribe X11sdv-8c\+-tln2f Firmware Subscribe X11sdw-12c-tp13f Firmware Subscribe X11sdw-14c-tp13f Firmware Subscribe X11sdw-14cn-tp13f\+ Firmware Subscribe X11sdw-14cnt-tp13f Firmware Subscribe X11sdw-16c-tp13f\+ Firmware Subscribe X11sdw-16c-tp13f Firmware Subscribe X11sdw-4c-tp13f\+ Firmware Subscribe X11sdw-4c-tp13f Firmware Subscribe X11sdw-8c-tp13f Firmware Subscribe X11spa-t Firmware Subscribe X11spa-tf Firmware Subscribe X11spd-f Firmware Subscribe X11spg-tf Firmware Subscribe X11sph-nctf Firmware Subscribe X11sph-nctpf Firmware Subscribe X11spi-tf Firmware Subscribe X11spl-f Firmware Subscribe X11spm-f Firmware Subscribe X11spm-tf Firmware Subscribe X11spm-tpf Firmware Subscribe X11spw-ctf Firmware Subscribe X11spw-tf Firmware Subscribe X11sra-f Firmware Subscribe X11sra-rf Firmware Subscribe X11sra Firmware Subscribe X11sri-if Firmware Subscribe X11srl-f Firmware Subscribe X11srm-f Firmware Subscribe X11srm-vf Firmware Subscribe X11srm Firmware Subscribe X11ssa-f Firmware Subscribe X11ssd-f Firmware Subscribe X11sse-f Firmware Subscribe X11ssh-ctf Firmware Subscribe X11ssh-f Firmware Subscribe X11ssh-gf-1585 Firmware Subscribe X11ssh-gf-1585l Firmware Subscribe X11ssh-gtf-1585 Firmware Subscribe X11ssh-gtf-1585l Firmware Subscribe X11ssh-ln4f Firmware Subscribe X11ssh-tf Firmware Subscribe X11ssi-ln4f Firmware Subscribe X11ssl-cf Firmware Subscribe X11ssl-f Firmware Subscribe X11ssl-nf Firmware Subscribe X11ssl Firmware Subscribe X11ssm-f Firmware Subscribe X11ssm Firmware Subscribe X11ssn-e-001 Firmware Subscribe X11ssn-e-vdc Firmware Subscribe X11ssn-e-wohs Firmware Subscribe X11ssn-e Firmware Subscribe X11ssn-h-001 Firmware Subscribe X11ssn-h-vdc Firmware Subscribe X11ssn-h-wohs Firmware Subscribe X11ssn-h Firmware Subscribe X11ssn-l-001 Firmware Subscribe X11ssn-l-vdc Firmware Subscribe X11ssn-l-wohs Firmware Subscribe X11ssn-l Firmware Subscribe X11ssn Firmware Subscribe X11ssq-l Firmware Subscribe X11ssq Firmware Subscribe X11ssql Firmware Subscribe X11ssv-lvds Firmware Subscribe X11ssv-m4 Firmware Subscribe X11ssv-m4f Firmware Subscribe X11ssv-q Firmware Subscribe X11ssw-4tf Firmware Subscribe X11ssw-f Firmware Subscribe X11ssw-tf Firmware Subscribe X11ssz-f Firmware Subscribe X11ssz-qf Firmware Subscribe X11ssz Firmware Subscribe X11swn-c-wohs Firmware Subscribe X11swn-e-wohs Firmware Subscribe X11swn-e Firmware Subscribe X11swn-h-wohs Firmware Subscribe X11swn-h Firmware Subscribe X11swn-l-wohs Firmware Subscribe X11swn-l Firmware Subscribe X12dai-n6 Firmware Subscribe X12ddw-a6 Firmware Subscribe X12dgo-6 Firmware Subscribe X12dgq-r Firmware Subscribe X12dgu Firmware Subscribe X12dhm-6 Firmware Subscribe X12dpd-a6m25 Firmware Subscribe X12dpfr-an6 Firmware Subscribe X12dpg-ar Firmware Subscribe X12dpg-oa6-gd2 Firmware Subscribe X12dpg-oa6 Firmware Subscribe X12dpg-qbt6 Firmware Subscribe X12dpg-qr Firmware Subscribe X12dpg-qt6 Firmware Subscribe X12dpg-u6 Firmware Subscribe X12dpi-n6 Firmware Subscribe X12dpi-nt6 Firmware Subscribe X12dpl-i6 Firmware Subscribe X12dpl-nt6 Firmware Subscribe X12dpt-b6 Firmware Subscribe X12dpt-pt46 Firmware Subscribe X12dpt-pt6 Firmware Subscribe X12dpu-6 Firmware Subscribe X12qch\+ Firmware Subscribe X12sae-5 Firmware Subscribe X12sae Firmware Subscribe X12sca-5f Firmware Subscribe X12sca-f Firmware Subscribe X12scq Firmware Subscribe X12scv-lvds Firmware Subscribe X12scv-w Firmware Subscribe X12scz-f Firmware Subscribe X12scz-qf Firmware Subscribe X12scz-tln4f Firmware Subscribe X12sdv-10c-sp6f Firmware Subscribe X12sdv-10c-spt4f Firmware Subscribe X12sdv-14c-spt8f Firmware Subscribe X12sdv-16c-spt8f Firmware Subscribe X12sdv-20c-spt8f Firmware Subscribe X12sdv-4c-sp6f Firmware Subscribe X12sdv-4c-spt4f Firmware Subscribe X12sdv-4c-spt8f Firmware Subscribe X12sdv-8c-sp6f Firmware Subscribe X12sdv-8c-spt4f Firmware Subscribe X12sdv-8c-spt8f Firmware Subscribe X12sdv-8ce-sp4f Firmware Subscribe X12spa-tf Firmware Subscribe X12sped-f Firmware Subscribe X12spg-nf Firmware Subscribe X12spi-tf Firmware Subscribe X12spl-f Firmware Subscribe X12spl-ln4f Firmware Subscribe X12spm-ln4f Firmware Subscribe X12spm-ln6tf Firmware Subscribe X12spm-tf Firmware Subscribe X12spo-f Firmware Subscribe X12spo-ntf Firmware Subscribe X12spt-g Firmware Subscribe X12spt-gc Firmware Subscribe X12spt-pt Firmware Subscribe X12spw-f Firmware Subscribe X12spw-tf Firmware Subscribe X12spz-ln4f Firmware Subscribe X12spz-spln6f Firmware Subscribe X12std-f Firmware Subscribe X12ste-f Firmware Subscribe X12sth-f Firmware Subscribe X12sth-ln4f Firmware Subscribe X12sth-sys Firmware Subscribe X12stl-f Firmware Subscribe X12stl-if Firmware Subscribe X12stn-c-wohs Firmware Subscribe X12stn-c Firmware Subscribe X12stn-e-wohs Firmware Subscribe X12stn-e Firmware Subscribe X12stn-h-wohs Firmware Subscribe X12stn-h Firmware Subscribe X12stn-l-wohs Firmware Subscribe X12stn-l Firmware Subscribe X12stw-f Firmware Subscribe X12stw-tf Firmware Subscribe X13dai-t Firmware Subscribe X13ddw-a Firmware Subscribe X13deg-oa Firmware Subscribe X13deg-oad Firmware Subscribe X13deg-pvc Firmware Subscribe X13deg-qt Firmware Subscribe X13deh Firmware Subscribe X13dei-t Firmware Subscribe X13dei Firmware Subscribe X13dem Firmware Subscribe X13det-b Firmware Subscribe X13dgu Firmware Subscribe X13dsf-a Firmware Subscribe X13qeh\+ Firmware Subscribe X13sae-f Firmware Subscribe X13sae Firmware Subscribe X13san-c-wohs Firmware Subscribe X13san-c Firmware Subscribe X13san-e-wohs Firmware Subscribe X13san-e Firmware Subscribe X13san-h-wohs Firmware Subscribe X13san-h Firmware Subscribe X13san-l-wohs Firmware Subscribe X13san-l Firmware Subscribe X13saq Firmware Subscribe X13sav-lvds Firmware Subscribe X13sav-ps Firmware Subscribe X13saz-f Firmware Subscribe X13saz-q Firmware Subscribe X13sedw-f Firmware Subscribe X13seed-f Firmware Subscribe X13seed-sf Firmware Subscribe X13sefr-a Firmware Subscribe X13sei-f Firmware Subscribe X13sei-tf Firmware Subscribe X13sem-f Firmware Subscribe X13sem-tf Firmware Subscribe X13set-g Firmware Subscribe X13set-gc Firmware Subscribe X13sew-f Firmware Subscribe X13sew-tf Firmware Subscribe X13sra-tf Firmware Subscribe X13srn-e-wohs Firmware Subscribe X13srn-e Firmware Subscribe X13srn-h-wohs Firmware Subscribe X13srn-h Firmware Subscribe X13swa-tf Firmware Subscribe

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-36083	An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code execution on a BMC.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.supermicro.com/zh_tw/support/security_BMC_IPMI_Jul_2024

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-07-11T00:00:00

Updated: 2024-08-02T03:37:05.220Z

Reserved: 2024-05-27T00:00:00

Link: CVE-2024-36435

Vulnrichment

Updated: 2024-07-22T14:00:43.844Z

NVD

Status : Awaiting Analysis

Published: 2024-07-11T21:15:12.507

Modified: 2024-11-21T09:22:10.433

Link: CVE-2024-36435

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-121

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

Projects

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object