CVE-2019-16650

On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
supermicrox11dai-n_firmware
1.71.5
supermicrox11dac_firmware
1.71.5
supermicrox11dph-tq_firmware
1.71.5
supermicrox11dph-i_firmware
1.71.5
supermicrox11dph-t_firmware
1.71.5
supermicrox11dps-re_firmware
1.71.5
supermicrox11dsf-e_firmware
1.71.5
supermicrox11dsn-ts_firmware
1.71.5
supermicrox11dsn-tsq_firmware
1.71.5
supermicrox11dsc\+_firmware
1.74
supermicrox11ddw-nt_firmware
1.71.5
supermicrox11ddw-l_firmware
1.71.5
supermicrox11dgq_firmware
1.71.5
supermicrox11dpff-sn_firmware
1.71.5
supermicrox11dpfr-sn_firmware
1.71.5
supermicrox11dpfr-s_firmware
1.71.5
supermicrox11dpt-ps_firmware
1.71.5
supermicrox11dpt-b_firmware
1.71.5
supermicrox11dpt-bh_firmware
1.71.5
supermicrox11dpt-l_firmware
3.74
supermicrox11dpu_firmware
1.71.5
supermicrox11dpu-v_firmware
1.71.5
supermicrox11dpu-x_firmware
1.71.5
supermicrox11dpu-xll_firmware
1.71.5
supermicrox11dpu-z\+_firmware
1.71.5
supermicrox11dpu-ze\+_firmware
1.71.5
supermicrox11dpg-sn_firmware
1.71.5
supermicrox11dpg-qt_firmware
1.71.5
supermicrox11dpg-ot-cpu_firmware
1.71.5
supermicrox11dpi-nt_firmware
1.71.5
supermicrox11dpi-n_firmware
1.71.5
supermicrox11dpl-i_firmware
1.71.5
supermicrox11dpx-t_firmware
1.71.5
supermicrox11dgo-t_firmware
1.71.5
supermicrox11sca_firmware
1.71.5
supermicrox11sca-f_firmware
1.71.5
supermicrox11sch-f_firmware
1.23.2
supermicrox11sch-ln4f_firmware
1.23.2
supermicrox11sca-w_firmware
1.71.5
supermicrox11scl-f_firmware
1.23.2
supermicrox11scl-ln4f_firmware
1.23.2
supermicrox11scl-if_firmware
1.23.2
supermicrox11scm-f_firmware
1.23.2
supermicrox11scm-ln8f_firmware
1.23.2
supermicrox11scw-f_firmware
3.75.00
supermicrox11spa-t_firmware
1.71.5
supermicrox11spa-tf_firmware
1.71.5
supermicrox11spi-tf_firmware
1.71.6
supermicrox11spl-f_firmware
1.71.6
supermicrox11spm-f_firmware
1.71.6
supermicrox11spm-tf_firmware
1.71.6
supermicrox11spm-tpf_firmware
1.71.6
supermicrox11sph-nctf_firmware
1.71.6
supermicrox11sph-nctpf_firmware
1.71.6
supermicrox11spw-tf_firmware
1.71.6
supermicrox11spw-ctf_firmware
1.71.6
supermicrox11spg-tf_firmware
1.71.6
supermicrox11sri-if_firmware
3.75.00
supermicrox11srl-f_firmware
3.74.2
supermicrox11srm-f_firmware
1.31.1
supermicrox11srm-vf_firmware
1.31.1
supermicrox11ssl-f_firmware
1.56
supermicrox11ssm-f_firmware
1.56
supermicrox11ssl_firmware
1.56
supermicrox11ssm_firmware
1.56
supermicrox11ssh-f_firmware
1.56
supermicrox11ssh-ln4f_firmware
1.56
supermicrox11ssw-4tf_firmware
1.56
supermicrox11ssw-tf_firmware
1.56
supermicrox11ssw-f_firmware
1.71.5
supermicrox11ssi-ln4f_firmware
1.71.5
supermicrox11ssw-f_firmware
3.85.00
supermicrox11ssh-tf_firmware
1.56
supermicrox11ssh-ctf_firmware
1.56
supermicrox11ssl-cf_firmware
1.56
supermicrox11ssl-nf_firmware
1.56
supermicrox11ssh-gf-1585_firmware
1.56
supermicrox11ssh-gf-1585l_firmware
1.56
supermicrox11ssh-gtf-1585_firmware
1.56
supermicrox11ssh-gtf-1585l_firmware
1.56
supermicrob11dpt_firmware
3.68
supermicrob11dpe_firmware
3.68
supermicrob11spe-cpu-tf_firmware
3.68
supermicrob11spe-cpu-25g_firmware
3.68
supermicrob11qpi_firmware
3.68
supermicrox11ssd-f_firmware
3.68
supermicrox11sse-f_firmware
3.68
supermicrob2ss1-cpu_firmware
3.68
supermicrob2ss1-cf_firmware
3.68
supermicrob2ss1-f_firmware
3.68
supermicrob2ss2-f_firmware
3.68
supermicrob2ss1-mtf_firmware
3.68
supermicrob2ss1-h-mtf_firmware
3.68
supermicrob2ss2-mtf_firmware
3.68
supermicrob2ss2-h-mtf_firmware
3.68
supermicrox11scd-f_firmware
3.68
supermicrox11sdd-8c-f_firmware
3.68
supermicrox11sdd-18c-f_firmware
3.68
supermicrox11qph\+_firmware
1.71.5
supermicrox11opi-cpu_firmware
1.71.5
supermicrox11sds-8c_firmware
3.74.2
supermicrox11sds-12c_firmware
3.74.2
supermicrox11sds-16c_firmware
3.74.2
supermicrox10ddw-i_firmware
3.83
supermicrox10ddw-in_firmware
3.83
supermicrox10drs_firmware
3.83
supermicrox10drd-i_firmware
3.83
supermicrox10drd-it_firmware
3.83
supermicrox10drd-int_firmware
3.83
supermicrox10drd-intp_firmware
3.83
supermicrox10drd-itp_firmware
3.83
supermicrox10drd-l_firmware
3.83
supermicrox10drd-lt_firmware
3.83
supermicrox10drd-ltp_firmware
3.83
supermicrox10drx_firmware
3.83
supermicrox10drh-c_firmware
3.83
supermicrox10drh-ct_firmware
3.83
supermicrox10drh-cln4_firmware
3.83
supermicrox10drh-i_firmware
3.83
supermicrox10drh-it_firmware
3.83
supermicrox10drh-iln4_firmware
3.83
supermicrox10dri_firmware
3.83
supermicrox10dri-t_firmware
3.83
supermicrox10drc-ln4\+_firmware
3.83
supermicrox10drc-t4\+_firmware
3.83
supermicrox10dri-ln4\+_firmware
3.83
supermicrox10dri-t4\+_firmware
3.83
supermicrox10drl-ln4_firmware
3.83
supermicrox10drl-i_firmware
3.83
supermicrox10drl-it_firmware
3.83
supermicrox10drl-c_firmware
3.83
supermicrox10drl-ct_firmware
3.83
supermicrox10drt-l_firmware
3.83
supermicrox10drt-libq_firmware
3.83
supermicrox10drt-libf_firmware
3.83
supermicrox10drt-b\+_firmware
3.83
supermicrox10drt-h_firmware
3.83
supermicrox10drt-hibf_firmware
3.83
supermicrox10drt-ps_firmware
3.83
supermicrox10drt-p_firmware
3.83
supermicrox10drt-pt_firmware
3.83
supermicrox10drt-pibq_firmware
3.83
supermicrox10drt-pibf_firmware
3.83
supermicrox10drfr-n_firmware
3.83
supermicrox10drfr-nt_firmware
3.83
supermicrox10drfr_firmware
3.83
supermicrox10drfr-t_firmware
3.83
supermicrox10drff-cg_firmware
3.83
supermicrox10drff-ctg_firmware
3.83
supermicrox10drff-ig_firmware
3.83
supermicrox10drff-itg_firmware
3.83
supermicrox10drff_firmware
3.83
supermicrox10drff-c_firmware
3.83
supermicrox10drw-n_firmware
3.83
supermicrox10drw-nt_firmware
3.83
supermicrox10drw-e_firmware
3.83
supermicrox10drw-et_firmware
3.83
supermicrox10drw-i_firmware
3.83
supermicrox10drw-it_firmware
3.83
supermicrox10dsn-ts_firmware
3.83
supermicrox10drg-ot\+-cpu_firmware
3.83
supermicrox10drg-o\+-cpu_firmware
3.83
supermicrox10dgo-t_firmware
3.83
supermicrox10dgq_firmware
3.83
supermicrox10drg-q_firmware
3.83
supermicrox10drg-h_firmware
3.83
supermicrox10drg-ht_firmware
3.83
supermicrox10dru-i\+_firmware
3.83
supermicrox10dru-x_firmware
3.83
supermicrox10dru-xll_firmware
3.83
supermicrox10dsc\+_firmware
3.83
supermicrox10sra-f_firmware
3.83
supermicrox10sra_firmware
3.83
supermicrox10srd-f_firmware
3.83
supermicrox10srm-f_firmware
3.83
supermicrox10srm-tf_firmware
3.83
supermicrox10srl-f_firmware
3.83
supermicrox10sri-f_firmware
3.83
supermicrox10srh-cf_firmware
3.83
supermicrox10srh-cln4f_firmware
3.83
supermicrox10srg-f_firmware
3.83
supermicrox10srl-f_firmware
3.83
supermicrox10srw-f_firmware
3.83
supermicrox10sae_firmware
3.83
supermicrox10sat_firmware
3.83
supermicrox10slx-f_firmware
3.83
supermicrox10sld-f_firmware
3.83
supermicrox10sld-hf_firmware
3.83
supermicrox10sle-f_firmware
3.83
supermicrox10sle-hf_firmware
3.83
supermicrox10sle-df_firmware
3.83
supermicrox10sl7-f_firmware
3.83
supermicrox10sla-f_firmware
3.83
supermicrox10slh-f_firmware
3.83
supermicrox10sll\+-f_firmware
3.83
supermicrox10sll-f_firmware
3.83
supermicrox10sll-sf_firmware
3.83
supermicrox10sll-s_firmware
3.83
supermicrox10slm-f_firmware
3.83
supermicrox10slm\+-f_firmware
3.83
supermicrox10slm\+-ln4f_firmware
3.83
supermicrox10sde-df_firmware
3.68
supermicrox10sdd-16c-f_firmware
3.68
supermicrox10sdd-f_firmware
3.68
supermicrob1sd1-16c-tf_firmware
3.68
supermicrob1sd1-tf_firmware
3.68
supermicrob1sd2-16c-tf_firmware
3.68
supermicrob1sd2-tf_firmware
3.68
supermicrob10drc_firmware
3.68
supermicrob10drc-n_firmware
3.68
supermicrob10dri_firmware
3.68
supermicrob10dri-n_firmware
3.68
supermicrob10drg-ibf_firmware
3.68
supermicrob10drg-ibf2_firmware
3.68
supermicrob10drg-tp_firmware
3.68
supermicrob10drt_firmware
3.68
supermicrob10drt-ibf_firmware
3.68
supermicrob10drt-ibf2_firmware
3.68
supermicrob10drt-tp_firmware
3.68
supermicrox10qrh\+_firmware
3.80
supermicrox10qbl-4_firmware
3.80
supermicrox10qbl-4ct_firmware
3.80
supermicrox10qbl_firmware
3.80
supermicrox10qbl-ct_firmware
3.80
supermicrox10qbi_firmware
3.81
supermicrox10obi-cpu_firmware
3.83
supermicrox10dbt-t_firmware
3.83
supermicrox10sdv-7tp8f_firmware
3.83
supermicrox10sdv-7tp4f_firmware
3.83
supermicrox10sdv-2c-7tp4f_firmware
3.83
supermicrox10sdv-4c-7tp4f_firmware
3.83
supermicrox10sdv-2c-tp4f_firmware
3.83
supermicrox10sdv-4c\+-tp4f_firmware
3.83
supermicrox10sdv-2c-tp8f_firmware
3.83
supermicrox10sdv-tp8f_firmware
3.83
supermicrox10sdv-f_firmware
3.83
supermicrox10sdv-tln4f_firmware
3.83
supermicrox10sdv-8c-tln4f_firmware
3.83
supermicrox10sdv-6c-tln4f_firmware
3.83
supermicrox10sdv-2c-tln2f_firmware
3.83
supermicrox10sdv-4c-tln2f_firmware
3.83
supermicrox10sdv-4c-tln4f_firmware
3.83
supermicrox10sdv-4c\+-tln4f_firmware
3.83
supermicrox10sdv-6c\+-tln4f_firmware
3.83
supermicrox10sdv-8c-tln4f\+_firmware
3.83
supermicrox10sdv-8c\+-ln2f_firmware
3.83
supermicrox10sdv-12c-tln4f_firmware
3.83
supermicrox10sdv-12c-tln4f\+_firmware
3.83
supermicrox10sdv-12c\+-tln4f_firmware
3.83
supermicrox10sdv-16c\+-tln4f_firmware
3.83
supermicrox10sdv-16c-tln4f\+_firmware
3.83
supermicrox10sdv-16c-tln4f_firmware
3.83
supermicroa1srm-ln7f-2358_firmware
3.83
supermicroa1srm-ln7f-2758_firmware
3.83
supermicroa1srm-ln5f-2358_firmware
3.83
supermicroa1sa2-2750f_firmware
3.83
supermicroa1sam-2750f_firmware
3.83
supermicroa1sam-2550f_firmware
3.83
supermicroa1srm-2758f_firmware
3.83
supermicroa1srm-2558f_firmware
3.83
supermicroa1sai-2750f_firmware
3.83
supermicroa1sai-2550f_firmware
3.83
supermicroa1sri-2758f_firmware
3.83
supermicroa1sri-2558f_firmware
3.83
supermicroa1sri-2358f_firmware
3.83
𝑥
= Vulnerable software versions
References
https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/
https://github.com/eclypsium/USBAnywhere
https://www.supermicro.com/support/security_BMC_virtual_media.cfm
https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/
https://github.com/eclypsium/USBAnywhere
https://www.supermicro.com/support/security_BMC_virtual_media.cfm