CVE-2019-16649

On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
supermicrox11dai-n_firmware
1.71.5
supermicrox11dac_firmware
1.71.5
supermicrox11dph-tq_firmware
1.71.5
supermicrox11dph-i_firmware
1.71.5
supermicrox11dph-t_firmware
1.71.5
supermicrox11dps-re_firmware
1.71.5
supermicrox11dsf-e_firmware
1.71.5
supermicrox11dsn-ts_firmware
1.71.5
supermicrox11dsn-tsq_firmware
1.71.5
supermicrox11dsc\+_firmware
1.74
supermicrox11ddw-nt_firmware
1.71.5
supermicrox11ddw-l_firmware
1.71.5
supermicrox11dgq_firmware
1.71.5
supermicrox11dpff-sn_firmware
1.71.5
supermicrox11dpfr-sn_firmware
1.71.5
supermicrox11dpfr-s_firmware
1.71.5
supermicrox11dpt-ps_firmware
1.71.5
supermicrox11dpt-b_firmware
1.71.5
supermicrox11dpt-bh_firmware
1.71.5
supermicrox11dpt-l_firmware
3.74
supermicrox11dpu_firmware
1.71.5
supermicrox11dpu-v_firmware
1.71.5
supermicrox11dpu-x_firmware
1.71.5
supermicrox11dpu-xll_firmware
1.71.5
supermicrox11dpu-z\+_firmware
1.71.5
supermicrox11dpu-ze\+_firmware
1.71.5
supermicrox11dpg-sn_firmware
1.71.5
supermicrox11dpg-qt_firmware
1.71.5
supermicrox11dpg-ot-cpu_firmware
1.71.5
supermicrox11dpi-nt_firmware
1.71.5
supermicrox11dpi-n_firmware
1.71.5
supermicrox11dpl-i_firmware
1.71.5
supermicrox11dpx-t_firmware
1.71.5
supermicrox11dgo-t_firmware
1.71.5
supermicrox11sca_firmware
1.71.5
supermicrox11sca-f_firmware
1.71.5
supermicrox11sch-f_firmware
1.23.2
supermicrox11sch-ln4f_firmware
1.23.2
supermicrox11sca-w_firmware
1.71.5
supermicrox11scl-f_firmware
1.23.2
supermicrox11scl-ln4f_firmware
1.23.2
supermicrox11scl-if_firmware
1.23.2
supermicrox11scm-f_firmware
1.23.2
supermicrox11scm-ln8f_firmware
1.23.2
supermicrox11scw-f_firmware
3.75.00
supermicrox11spa-t_firmware
1.71.5
supermicrox11spa-tf_firmware
1.71.5
supermicrox11spi-tf_firmware
1.71.6
supermicrox11spl-f_firmware
1.71.6
supermicrox11spm-f_firmware
1.71.6
supermicrox11spm-tf_firmware
1.71.6
supermicrox11spm-tpf_firmware
1.71.6
supermicrox11sph-nctf_firmware
1.71.6
supermicrox11sph-nctpf_firmware
1.71.6
supermicrox11spw-tf_firmware
1.71.6
supermicrox11spw-ctf_firmware
1.71.6
supermicrox11spg-tf_firmware
1.71.6
supermicrox11sri-if_firmware
3.75.00
supermicrox11srl-f_firmware
3.74.2
supermicrox11srm-f_firmware
1.31.1
supermicrox11srm-vf_firmware
1.31.1
supermicrox11ssl-f_firmware
1.56
supermicrox11ssm-f_firmware
1.56
supermicrox11ssl_firmware
1.56
supermicrox11ssm_firmware
1.56
supermicrox11ssh-f_firmware
1.56
supermicrox11ssh-ln4f_firmware
1.56
supermicrox11ssw-4tf_firmware
1.56
supermicrox11ssw-tf_firmware
1.56
supermicrox11ssw-f_firmware
1.71.5
supermicrox11ssi-ln4f_firmware
1.71.5
supermicrox11ssw-f_firmware
3.85.00
supermicrox11ssh-tf_firmware
1.56
supermicrox11ssh-ctf_firmware
1.56
supermicrox11ssl-cf_firmware
1.56
supermicrox11ssl-nf_firmware
1.56
supermicrox11ssh-gf-1585_firmware
1.56
supermicrox11ssh-gf-1585l_firmware
1.56
supermicrox11ssh-gtf-1585_firmware
1.56
supermicrox11ssh-gtf-1585l_firmware
1.56
supermicrob11dpt_firmware
3.68
supermicrob11dpe_firmware
3.68
supermicrob11spe-cpu-tf_firmware
3.68
supermicrob11spe-cpu-25g_firmware
3.68
supermicrob11qpi_firmware
3.68
supermicrox11ssd-f_firmware
3.68
supermicrox11sse-f_firmware
3.68
supermicrob2ss1-cpu_firmware
3.68
supermicrob2ss1-cf_firmware
3.68
supermicrob2ss1-f_firmware
3.68
supermicrob2ss2-f_firmware
3.68
supermicrob2ss1-mtf_firmware
3.68
supermicrob2ss1-h-mtf_firmware
3.68
supermicrob2ss2-mtf_firmware
3.68
supermicrob2ss2-h-mtf_firmware
3.68
supermicrox11scd-f_firmware
3.68
supermicrox11sdd-8c-f_firmware
3.68
supermicrox11sdd-18c-f_firmware
3.68
supermicrox11qph\+_firmware
1.71.5
supermicrox11opi-cpu_firmware
1.71.5
supermicrox11sds-8c_firmware
3.74.2
supermicrox11sds-12c_firmware
3.74.2
supermicrox11sds-16c_firmware
3.74.2
supermicrox10ddw-i_firmware
3.83
supermicrox10ddw-in_firmware
3.83
supermicrox10drs_firmware
3.83
supermicrox10drd-i_firmware
3.83
supermicrox10drd-it_firmware
3.83
supermicrox10drd-int_firmware
3.83
supermicrox10drd-intp_firmware
3.83
supermicrox10drd-itp_firmware
3.83
supermicrox10drd-l_firmware
3.83
supermicrox10drd-lt_firmware
3.83
supermicrox10drd-ltp_firmware
3.83
supermicrox10drx_firmware
3.83
supermicrox10drh-c_firmware
3.83
supermicrox10drh-ct_firmware
3.83
supermicrox10drh-cln4_firmware
3.83
supermicrox10drh-i_firmware
3.83
supermicrox10drh-it_firmware
3.83
supermicrox10drh-iln4_firmware
3.83
supermicrox10dri_firmware
3.83
supermicrox10dri-t_firmware
3.83
supermicrox10drc-ln4\+_firmware
3.83
supermicrox10drc-t4\+_firmware
3.83
supermicrox10dri-ln4\+_firmware
3.83
supermicrox10dri-t4\+_firmware
3.83
supermicrox10drl-ln4_firmware
3.83
supermicrox10drl-i_firmware
3.83
supermicrox10drl-it_firmware
3.83
supermicrox10drl-c_firmware
3.83
supermicrox10drl-ct_firmware
3.83
supermicrox10drt-l_firmware
3.83
supermicrox10drt-libq_firmware
3.83
supermicrox10drt-libf_firmware
3.83
supermicrox10drt-b\+_firmware
3.83
supermicrox10drt-h_firmware
3.83
supermicrox10drt-hibf_firmware
3.83
supermicrox10drt-ps_firmware
3.83
supermicrox10drt-p_firmware
3.83
supermicrox10drt-pt_firmware
3.83
supermicrox10drt-pibq_firmware
3.83
supermicrox10drt-pibf_firmware
3.83
supermicrox10drfr-n_firmware
3.83
supermicrox10drfr-nt_firmware
3.83
supermicrox10drfr_firmware
3.83
supermicrox10drfr-t_firmware
3.83
supermicrox10drff-cg_firmware
3.83
supermicrox10drff-ctg_firmware
3.83
supermicrox10drff-ig_firmware
3.83
supermicrox10drff-itg_firmware
3.83
supermicrox10drff_firmware
3.83
supermicrox10drff-c_firmware
3.83
supermicrox10drw-n_firmware
3.83
supermicrox10drw-nt_firmware
3.83
supermicrox10drw-e_firmware
3.83
supermicrox10drw-et_firmware
3.83
supermicrox10drw-i_firmware
3.83
supermicrox10drw-it_firmware
3.83
supermicrox10dsn-ts_firmware
3.83
supermicrox10drg-ot\+-cpu_firmware
3.83
supermicrox10drg-o\+-cpu_firmware
3.83
supermicrox10dgo-t_firmware
3.83
supermicrox10dgq_firmware
3.83
supermicrox10drg-q_firmware
3.83
supermicrox10drg-h_firmware
3.83
supermicrox10drg-ht_firmware
3.83
supermicrox10dru-i\+_firmware
3.83
supermicrox10dru-x_firmware
3.83
supermicrox10dru-xll_firmware
3.83
supermicrox10dsc\+_firmware
3.83
supermicrox10sra-f_firmware
3.83
supermicrox10sra_firmware
3.83
supermicrox10srd-f_firmware
3.83
supermicrox10srm-f_firmware
3.83
supermicrox10srm-tf_firmware
3.83
supermicrox10srl-f_firmware
3.83
supermicrox10sri-f_firmware
3.83
supermicrox10srh-cf_firmware
3.83
supermicrox10srh-cln4f_firmware
3.83
supermicrox10srg-f_firmware
3.83
supermicrox10srl-f_firmware
3.83
supermicrox10srw-f_firmware
3.83
supermicrox10sae_firmware
3.83
supermicrox10sat_firmware
3.83
supermicrox10slx-f_firmware
3.83
supermicrox10sld-f_firmware
3.83
supermicrox10sld-hf_firmware
3.83
supermicrox10sle-f_firmware
3.83
supermicrox10sle-hf_firmware
3.83
supermicrox10sle-df_firmware
3.83
supermicrox10sl7-f_firmware
3.83
supermicrox10sla-f_firmware
3.83
supermicrox10slh-f_firmware
3.83
supermicrox10sll\+-f_firmware
3.83
supermicrox10sll-f_firmware
3.83
supermicrox10sll-sf_firmware
3.83
supermicrox10sll-s_firmware
3.83
supermicrox10slm-f_firmware
3.83
supermicrox10slm\+-f_firmware
3.83
supermicrox10slm\+-ln4f_firmware
3.83
supermicrox10sde-df_firmware
3.68
supermicrox10sdd-16c-f_firmware
3.68
supermicrox10sdd-f_firmware
3.68
supermicrob1sd1-16c-tf_firmware
3.68
supermicrob1sd1-tf_firmware
3.68
supermicrob1sd2-16c-tf_firmware
3.68
supermicrob1sd2-tf_firmware
3.68
supermicrob10drc_firmware
3.68
supermicrob10drc-n_firmware
3.68
supermicrob10dri_firmware
3.68
supermicrob10dri-n_firmware
3.68
supermicrob10drg-ibf_firmware
3.68
supermicrob10drg-ibf2_firmware
3.68
supermicrob10drg-tp_firmware
3.68
supermicrob10drt_firmware
3.68
supermicrob10drt-ibf_firmware
3.68
supermicrob10drt-ibf2_firmware
3.68
supermicrob10drt-tp_firmware
3.68
supermicrox10qrh\+_firmware
3.80
supermicrox10qbl-4_firmware
3.80
supermicrox10qbl-4ct_firmware
3.80
supermicrox10qbl_firmware
3.80
supermicrox10qbl-ct_firmware
3.80
supermicrox10qbi_firmware
3.81
supermicrox10obi-cpu_firmware
3.83
supermicrox10dbt-t_firmware
3.83
supermicrox10sdv-7tp8f_firmware
3.83
supermicrox10sdv-7tp4f_firmware
3.83
supermicrox10sdv-2c-7tp4f_firmware
3.83
supermicrox10sdv-4c-7tp4f_firmware
3.83
supermicrox10sdv-2c-tp4f_firmware
3.83
supermicrox10sdv-4c\+-tp4f_firmware
3.83
supermicrox10sdv-2c-tp8f_firmware
3.83
supermicrox10sdv-tp8f_firmware
3.83
supermicrox10sdv-f_firmware
3.83
supermicrox10sdv-tln4f_firmware
3.83
supermicrox10sdv-8c-tln4f_firmware
3.83
supermicrox10sdv-6c-tln4f_firmware
3.83
supermicrox10sdv-2c-tln2f_firmware
3.83
supermicrox10sdv-4c-tln2f_firmware
3.83
supermicrox10sdv-4c-tln4f_firmware
3.83
supermicrox10sdv-4c\+-tln4f_firmware
3.83
supermicrox10sdv-6c\+-tln4f_firmware
3.83
supermicrox10sdv-8c-tln4f\+_firmware
3.83
supermicrox10sdv-8c\+-ln2f_firmware
3.83
supermicrox10sdv-12c-tln4f_firmware
3.83
supermicrox10sdv-12c-tln4f\+_firmware
3.83
supermicrox10sdv-12c\+-tln4f_firmware
3.83
supermicrox10sdv-16c\+-tln4f_firmware
3.83
supermicrox10sdv-16c-tln4f\+_firmware
3.83
supermicrox10sdv-16c-tln4f_firmware
3.83
supermicroa1srm-ln7f-2358_firmware
3.83
supermicroa1srm-ln7f-2758_firmware
3.83
supermicroa1srm-ln5f-2358_firmware
3.83
supermicroa1sa2-2750f_firmware
3.83
supermicroa1sam-2750f_firmware
3.83
supermicroa1sam-2550f_firmware
3.83
supermicroa1srm-2758f_firmware
3.83
supermicroa1srm-2558f_firmware
3.83
supermicroa1sai-2750f_firmware
3.83
supermicroa1sai-2550f_firmware
3.83
supermicroa1sri-2758f_firmware
3.83
supermicroa1sri-2558f_firmware
3.83
supermicroa1sri-2358f_firmware
3.83
supermicrom11sdv-8c\+-ln4f_firmware
3.15
supermicrom11sdv-8c-ln4f_firmware
3.15
supermicrom11sdv-8ct-ln4f_firmware
3.15
supermicrom11sdv-4c-ln4f_firmware
3.15
supermicrom11sdv-4ct-ln4f_firmware
3.15
supermicrox9drg-h\(t\)f_firmware
3.3
supermicrox9drh-7\/i\(t\)f_firmware
3.3
supermicrox9dr3\/i-f_firmware
3.3
supermicrox9drt-h_series_firmware
3.3
supermicrox9drt_series_firmware
3.3
supermicrox9dr3\/i-ln4f\+_firmware
3.3
supermicrox9drd-7ln4f_series_firmware
3.3
supermicrox9drd-ef_firmware
3.3
supermicrox9drl-3\/if_firmware
3.3
supermicrox9drw-3ln4f\+\/3tf\+_firmware
3.3
supermicrox9drw-3\/if_firmware
3.3
supermicrox9drw-7\/itpf\+_firmware
3.3
supermicrox9dbl-3\/i\(f\)_firmware
3.3
supermicrox9da7\/e_firmware
3.3
supermicrox9dai_firmware
3.3
supermicrox9db3\/i-\(tp\)f_firmware
3.3
supermicrox9dbs-f\(-2u\)_firmware
3.3
supermicrox9dbu-3\/if_firmware
3.3
supermicrox9dr7\/e-ln4f_firmware
3.3
supermicrox9dr7\/e-tf\+_firmware
3.3
supermicrox9dr7-jln4f_firmware
3.3
supermicrox9drd-l\/if_firmware
3.3
supermicrox9drd-it\+_firmware
3.3
supermicrox9drd-c\(n\)t\+_firmware
3.3
supermicrox9drfr_firmware
3.3
supermicrox9drff\(-7\)_firmware
3.3
supermicrox9drff-7\/i\(t\)\+_firmware
3.3
supermicrox9drff-7\/i\(t\)g\+_firmware
3.3
supermicrox9drg-h\(t\)f\+_firmware
3.3
supermicrox9drg-h\(t\)f\+ii_firmware
3.3
supermicrox9drg-qf_firmware
3.3
supermicrox9drg-o\(t\)f-cpu_firmware
3.3
supermicrox9drl-7\/ef_firmware
3.3
supermicrox9drt-p_series_firmware
3.3
supermicrox9drt-hf\+_firmware
3.3
supermicrox9drw-c\(t\)f31_firmware
3.3
supermicrox9drw-7\/itpf_firmware
3.3
supermicrox9drh-if-nv_firmware
3.3
supermicrox9drx\+-f_firmware
3.3
supermicrox9dax-7\/i\(t\)f_firmware
3.3
supermicrox9dax-7\/if-hft_firmware
3.3
supermicrox9dal-3\/i_firmware
3.3
supermicrox9sre\/i_series_firmware
3.3
supermicrox9srh-7\(t\)f_firmware
3.3
supermicrox9srd-f_firmware
3.3
supermicrox9srw-f_firmware
3.3
supermicrox9srg-f_firmware
3.3
supermicrox9srl\(-f\)_firmware
3.3
supermicrox9sra_firmware
3.3
supermicrox9sae\(-v\)_firmware
2.3
supermicrox9scl\+-f_firmware
2.3
supermicrox9scl\(-f\)_firmware
2.3
supermicrox9scm\(-f\)_firmware
2.3
supermicrox9scd_series_firmware
2.3
supermicrox9sca\(-f\)_firmware
2.3
supermicrox9sci-ln4\(f\)_firmware
2.3
supermicrox9qri-f_firmware
3.3
supermicrox9qr7-tf_firmware
3.3
supermicrox9qri-f\+_firmware
3.3
supermicrox9qr7-tf\+_firmware
3.3
supermicrob9dri_firmware
3.3
supermicrob9dr7_firmware
3.3
supermicrob9drp_firmware
3.3
supermicrob9drg-3m_firmware
3.3
supermicrob9drg-e_firmware
3.3
supermicrob9drg_firmware
3.3
supermicrob9drt_firmware
3.3
supermicrob9qr7\(-tp\)_firmware
3.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/
https://github.com/eclypsium/USBAnywhere
https://www.supermicro.com/support/security_BMC_virtual_media.cfm
https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/
https://github.com/eclypsium/USBAnywhere
https://www.supermicro.com/support/security_BMC_virtual_media.cfm