CVE-2023-35861

A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
VendorProductVersion
supermicroh12dst-b_firmware
𝑥
< 03.10.35
supermicrox13dai-t_firmware
-
supermicrox13ddw-a_firmware
-
supermicrox13deg-oa_firmware
-
supermicrox13deg-oad_firmware
-
supermicrox13deg-pvc_firmware
-
supermicrox13deg-qt_firmware
-
supermicrox13dei_firmware
-
supermicrox13dei-t_firmware
-
supermicrox13dem_firmware
-
supermicrox13det-b_firmware
-
supermicrox13dgu_firmware
-
supermicrox13dsf-a_firmware
-
supermicrox13qeh\+_firmware
-
supermicrox13sae_firmware
-
supermicrox13sae-f_firmware
-
supermicrox13san-c_firmware
-
supermicrox13san-c-wohs_firmware
-
supermicrox13san-e_firmware
-
supermicrox13san-e-wohs_firmware
-
supermicrox13san-h_firmware
-
supermicrox13san-h-wohs_firmware
-
supermicrox13san-l_firmware
-
supermicrox13san-l-wohs_firmware
-
supermicrox13saq_firmware
-
supermicrox13sav-lvds_firmware
-
supermicrox13sav-ps_firmware
-
supermicrox13saz-f_firmware
-
supermicrox13saz-q_firmware
-
supermicrox13sedw-f_firmware
-
supermicrox13seed-f_firmware
-
supermicrox13seed-sf_firmware
-
supermicrox13sefr-a_firmware
-
supermicrox13sei-f_firmware
-
supermicrox13sei-tf_firmware
-
supermicrox13sem-f_firmware
-
supermicrox13sem-tf_firmware
-
supermicrox13set-g_firmware
-
supermicrox13set-gc_firmware
-
supermicrox13sew-f_firmware
-
supermicrox13sew-tf_firmware
-
supermicrox13sra-tf_firmware
-
supermicrox13srn-e_firmware
-
supermicrox13srn-e-wohs_firmware
-
supermicrox13srn-h_firmware
-
supermicrox13srn-h-wohs_firmware
-
supermicrox13swa-tf_firmware
-
supermicroh13dsg-o-cpu_firmware
-
supermicroh13dsg-o-cpu-d_firmware
-
supermicroh13dsh_firmware
-
supermicroh13sae-mf_firmware
-
supermicroh13srd-f_firmware
-
supermicroh13ssf_firmware
-
supermicroh13ssh_firmware
-
supermicroh13ssl-n_firmware
-
supermicroh13ssl-nt_firmware
-
supermicroh13sst-g_firmware
-
supermicroh13sst-gc_firmware
-
supermicroh13ssw_firmware
-
supermicrox12dai-n6_firmware
-
supermicrox12ddw-a6_firmware
-
supermicrox12dgo-6_firmware
-
supermicrox12dgq-r_firmware
-
supermicrox12dgu_firmware
-
supermicrox12dhm-6_firmware
-
supermicrox12dpd-a6m25_firmware
-
supermicrox12dpfr-an6_firmware
-
supermicrox12dpg-ar_firmware
-
supermicrox12dpg-oa6_firmware
-
supermicrox12dpg-oa6-gd2_firmware
-
supermicrox12dpg-qbt6_firmware
-
supermicrox12dpg-qr_firmware
-
supermicrox12dpg-qt6_firmware
-
supermicrox12dpg-u6_firmware
-
supermicrox12dpi-n6_firmware
-
supermicrox12dpi-nt6_firmware
-
supermicrox12dpl-i6_firmware
-
supermicrox12dpl-nt6_firmware
-
supermicrox12dpt-b6_firmware
-
supermicrox12dpt-pt46_firmware
-
supermicrox12dpt-pt6_firmware
-
supermicrox12dpu-6_firmware
-
supermicrox12dsc-6_firmware
-
supermicrox12qch\+_firmware
-
supermicrox12sae_firmware
-
supermicrox12sae-5_firmware
-
supermicrox12sca-5f_firmware
-
supermicrox12sca-f_firmware
-
supermicrox12scq_firmware
-
supermicrox12scv-lvds_firmware
-
supermicrox12scv-w_firmware
-
supermicrox12scz-f_firmware
-
supermicrox12scz-qf_firmware
-
supermicrox12scz-tln4f_firmware
-
supermicrox12sdv-10c-sp6f_firmware
-
supermicrox12sdv-10c-spt4f_firmware
-
supermicrox12sdv-14c-spt8f_firmware
-
supermicrox12sdv-16c-spt8f_firmware
-
supermicrox12sdv-20c-spt8f_firmware
-
supermicrox12sdv-4c-sp6f_firmware
-
supermicrox12sdv-4c-spt4f_firmware
-
supermicrox12sdv-4c-spt8f_firmware
-
supermicrox12sdv-8c-sp6f_firmware
-
supermicrox12sdv-8c-spt4f_firmware
-
supermicrox12sdv-8c-spt8f_firmware
-
supermicrox12sdv-8ce-sp4f_firmware
-
supermicrox12spa-tf_firmware
-
supermicrox12sped-f_firmware
-
supermicrox12spg-nf_firmware
-
supermicrox12spi-tf_firmware
-
supermicrox12spl-f_firmware
-
supermicrox12spl-ln4f_firmware
-
supermicrox12spm-ln4f_firmware
-
supermicrox12spm-ln6tf_firmware
-
supermicrox12spm-tf_firmware
-
supermicrox12spo-f_firmware
-
supermicrox12spo-ntf_firmware
-
supermicrox12spt-g_firmware
-
supermicrox12spt-gc_firmware
-
supermicrox12spt-pt_firmware
-
supermicrox12spw-f_firmware
-
supermicrox12spw-tf_firmware
-
supermicrox12spz-ln4f_firmware
-
supermicrox12spz-spln6f_firmware
-
supermicrox12std-f_firmware
-
supermicrox12ste-f_firmware
-
supermicrox12sth-f_firmware
-
supermicrox12sth-ln4f_firmware
-
supermicrox12sth-sys_firmware
-
supermicrox12stl-f_firmware
-
supermicrox12stl-if_firmware
-
supermicrox12stn-c_firmware
-
supermicrox12stn-c-wohs_firmware
-
supermicrox12stn-e_firmware
-
supermicrox12stn-e-wohs_firmware
-
supermicrox12stn-h_firmware
-
supermicrox12stn-h-wohs_firmware
-
supermicrox12stn-l_firmware
-
supermicrox12stn-l-wohs_firmware
-
supermicrox12stw-f_firmware
-
supermicrox12stw-tf_firmware
-
supermicroh12ssw-ntr_firmware
-
supermicroh12ssw-ntl_firmware
-
supermicroh12ssw-nt_firmware
-
supermicroh12ssw-inr_firmware
-
supermicroh12ssw-inl_firmware
-
supermicroh12ssw-in_firmware
-
supermicroh12ssw-an6_firmware
-
supermicroh12sst-ps_firmware
-
supermicroh12ssl-nt_firmware
-
supermicroh12ssl-i_firmware
-
supermicroh12ssl-ct_firmware
-
supermicroh12ssl-c_firmware
-
supermicroh12ssg-anp6_firmware
-
supermicroh12ssg-an6_firmware
-
supermicroh12ssfr-an6_firmware
-
supermicroh12ssff-an6_firmware
-
supermicroh12dsu-inr_firmware
-
supermicroh12dsu-in_firmware
-
supermicroh12dst-b_firmware
-
supermicroh12dsi-nt6_firmware
-
supermicroh12dsi-n6_firmware
-
supermicroh12dsg-q-cpu6_firmware
-
supermicroh12dsg-o-cpu_firmware
-
supermicroh12dgq-nt6_firmware
-
supermicroh12dgo-6_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://blog.freax13.de/cve/cve-2023-35861
https://www.supermicro.com/en/products/motherboards
https://www.supermicro.com/en/support/security_SMTP_Jun_2023
https://blog.freax13.de/cve/cve-2023-35861
https://www.supermicro.com/en/products/motherboards
https://www.supermicro.com/en/support/security_SMTP_Jun_2023