"Serious Flaws Found in Supermicro BMC Firmware"
Multiple flaws in the Baseboard Management Controller (BMC) chip firmware of a wide variety of Supermicro motherboards, when combined, enable an attacker to take complete control of a vulnerable system. The flaws exist in the motherboards' BMC web server. The researchers at Binarly, who discovered the bugs, found that by combining any of three cross-site scripting vulnerabilities with a command-injection vulnerability, an attacker could gain arbitrary code execution and root privileges. Supermicro has released updated firmware for the affected 11, H11, B11, CMM, M11, and H12 motherboards.