Bmc
by Supermicro
CVEs (37)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-8727 | Hig | 0.47 | 7.2 | 0.00 | Nov 18, 2025 | There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the Stack buffer overflow vulnerability. | ||
| CVE-2025-8076 | Hig | 0.47 | 7.2 | 0.00 | Nov 18, 2025 | There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the Stack buffer overflow vulnerability. | ||
| CVE-2025-8404 | Med | 0.36 | 5.5 | 0.00 | Nov 18, 2025 | Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library. An authenticated attacker with access to the BMC exploit stack buffer via a crafted header and achieve arbitrary code execution of the BMC’s firmware operating system. | ||
| CVE-2025-7623 | Med | 0.35 | 5.4 | 0.00 | Nov 18, 2025 | Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware… | ||
| CVE-2025-7704 | Med | 0.35 | 5.4 | 0.00 | Nov 13, 2025 | Supermicro BMC Insyde SMASH shell program has a stacked-based overflow vulnerability | ||
| CVE-2013-4782 | 0.05 | — | 0.26 | Jul 8, 2013 | The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. | |||
| CVE-2023-34336 | 0.00 | — | 0.01 | Jun 12, 2023 | AMI BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to code execution, denial of service, or escalation of privileges. | |||
| CVE-2023-34335 | 0.00 | — | 0.00 | Jun 12, 2023 | AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. An exploitation of this vulnerability may lead to a loss of integrity or denial of service. | |||
| CVE-2023-34334 | 0.00 | — | 0.01 | Jun 12, 2023 | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering. | |||
| CVE-2023-34343 | 0.00 | — | 0.01 | Jun 12, 2023 | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering. | |||
| CVE-2023-34342 | 0.00 | — | 0.01 | Jun 12, 2023 | AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, or data tampering. | |||
| CVE-2023-34341 | 0.00 | — | 0.01 | Jun 12, 2023 | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure, or… | |||
| CVE-2023-34345 | 0.00 | — | 0.01 | Jun 12, 2023 | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure. | |||
| CVE-2023-34344 | 0.00 | — | 0.00 | Jun 12, 2023 | AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure. | |||
| CVE-2022-42290 | 0.00 | — | 0.01 | Jan 13, 2023 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | |||
| CVE-2022-42288 | 0.00 | — | 0.00 | Jan 13, 2023 | NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure. | |||
| CVE-2022-42287 | 0.00 | — | 0.00 | Jan 13, 2023 | NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering. | |||
| CVE-2022-42284 | 0.00 | — | 0.00 | Jan 13, 2023 | NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposure. | |||
| CVE-2022-42283 | 0.00 | — | 0.00 | Jan 13, 2023 | NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. | |||
| CVE-2022-42282 | 0.00 | — | 0.00 | Jan 13, 2023 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information disclosure. |
- risk 0.47cvss 7.2epss 0.00
There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the Stack buffer overflow vulnerability.
- risk 0.47cvss 7.2epss 0.00
There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the Stack buffer overflow vulnerability.
- risk 0.36cvss 5.5epss 0.00
Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library. An authenticated attacker with access to the BMC exploit stack buffer via a crafted header and achieve arbitrary code execution of the BMC’s firmware operating system.
- risk 0.35cvss 5.4epss 0.00
Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware…
- risk 0.35cvss 5.4epss 0.00
Supermicro BMC Insyde SMASH shell program has a stacked-based overflow vulnerability
- CVE-2013-4782Jul 8, 2013risk 0.05cvss —epss 0.26
The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
- CVE-2023-34336Jun 12, 2023risk 0.00cvss —epss 0.01
AMI BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to code execution, denial of service, or escalation of privileges.
- CVE-2023-34335Jun 12, 2023risk 0.00cvss —epss 0.00
AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. An exploitation of this vulnerability may lead to a loss of integrity or denial of service.
- CVE-2023-34334Jun 12, 2023risk 0.00cvss —epss 0.01
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.
- CVE-2023-34343Jun 12, 2023risk 0.00cvss —epss 0.01
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.
- CVE-2023-34342Jun 12, 2023risk 0.00cvss —epss 0.01
AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, or data tampering.
- CVE-2023-34341Jun 12, 2023risk 0.00cvss —epss 0.01
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure, or…
- CVE-2023-34345Jun 12, 2023risk 0.00cvss —epss 0.01
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure.
- CVE-2023-34344Jun 12, 2023risk 0.00cvss —epss 0.00
AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure.
- CVE-2022-42290Jan 13, 2023risk 0.00cvss —epss 0.01
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.
- CVE-2022-42288Jan 13, 2023risk 0.00cvss —epss 0.00
NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure.
- CVE-2022-42287Jan 13, 2023risk 0.00cvss —epss 0.00
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering.
- CVE-2022-42284Jan 13, 2023risk 0.00cvss —epss 0.00
NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposure.
- CVE-2022-42283Jan 13, 2023risk 0.00cvss —epss 0.00
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.
- CVE-2022-42282Jan 13, 2023risk 0.00cvss —epss 0.00
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information disclosure.
Page 1 of 2