VYPR

BMC virtual media

by Supermicro

CVEs (2)

  • CVE-2019-16649Sep 21, 2019
    risk 0.00cvss epss 0.01

    On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect…

  • CVE-2019-16650Sep 21, 2019
    risk 0.00cvss epss 0.02

    On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual…