CVE-2023-33411

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 7, 2023

Updated: Dec 12, 2023

CWE ID 22

Summary

CVE-2023-33411 is a vulnerability affecting Supermicro X11 and M11 devices with IPMI baseboard management controllers and firmware versions up to 3.17.02. This issue enables remote, unauthenticated users to perform directory traversal, potentially exposing sensitive information. The vulnerability lies in the web server component of the IPMI BMC, allowing attackers to access files outside of the intended directory, increasing the risk of information disclosure. Organizations using these devices should update their firmware to mitigate this security concern.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Super Micro Computer, Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tucN3p
https://www.cve.org/CVERecord?id=CVE-2023-33411
https://nvd.nist.gov/vuln/detail/CVE-2023-33411

Back to Vulnerability Database

CVE-2023-33411

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations