"Serious Flaws Found in Supermicro BMC Firmware"

Multiple flaws in the Baseboard Management Controller (BMC) chip firmware of a wide variety of Supermicro motherboards, when combined, enable an attacker to take complete control of a vulnerable system. The flaws exist in the motherboards' BMC web server. The researchers at Binarly, who discovered the bugs, found that by combining any of three cross-site scripting vulnerabilities with a command-injection vulnerability, an attacker could gain arbitrary code execution and root privileges. Supermicro has released updated firmware for the affected 11, H11, B11, CMM, M11, and H12 motherboards. This article continues to discuss the potential exploitation and impact of the vulnerabilities discovered in Supermicro BMC chip firmware.

Decipher reports "Serious Flaws Found in Supermicro BMC Firmware"

Submitted by grigby1
