CVE-2023-35861

9.8

CRITICAL

Supermicro Motherboard Shell Injection Vulnerability

Description

A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC.

INFO

Published Date :

July 31, 2023, 1:15 p.m.

Last Modified :

Aug. 7, 2023, 7:19 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9

Affected Products

The following products are affected by CVE-2023-35861 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Supermicro	h12dst-b_firmware
2	Supermicro	x13dai-t_firmware
3	Supermicro	x13ddw-a_firmware
4	Supermicro	x13deg-oa_firmware
5	Supermicro	x13deg-oad_firmware
6	Supermicro	x13deg-pvc_firmware
7	Supermicro	x13deg-qt_firmware
8	Supermicro	x13dei_firmware
9	Supermicro	x13dei-t_firmware
10	Supermicro	x13dem_firmware
11	Supermicro	x13det-b_firmware
12	Supermicro	x13dgu_firmware
13	Supermicro	x13dsf-a_firmware
14	Supermicro	x13qeh\+_firmware
15	Supermicro	x13sae_firmware
16	Supermicro	x13sae-f_firmware
17	Supermicro	x13san-c_firmware
18	Supermicro	x13san-c-wohs_firmware
19	Supermicro	x13san-e_firmware
20	Supermicro	x13san-e-wohs_firmware
21	Supermicro	x13san-h_firmware
22	Supermicro	x13san-h-wohs_firmware
23	Supermicro	x13san-l_firmware
24	Supermicro	x13san-l-wohs_firmware
25	Supermicro	x13saq_firmware
26	Supermicro	x13sav-lvds_firmware
27	Supermicro	x13sav-ps_firmware
28	Supermicro	x13saz-f_firmware
29	Supermicro	x13saz-q_firmware
30	Supermicro	x13sedw-f_firmware
31	Supermicro	x13seed-f_firmware
32	Supermicro	x13seed-sf_firmware
33	Supermicro	x13sefr-a_firmware
34	Supermicro	x13sei-f_firmware
35	Supermicro	x13sei-tf_firmware
36	Supermicro	x13sem-f_firmware
37	Supermicro	x13sem-tf_firmware
38	Supermicro	x13set-g_firmware
39	Supermicro	x13set-gc_firmware
40	Supermicro	x13sew-f_firmware
41	Supermicro	x13sew-tf_firmware
42	Supermicro	x13sra-tf_firmware
43	Supermicro	x13srn-e_firmware
44	Supermicro	x13srn-e-wohs_firmware
45	Supermicro	x13srn-h_firmware
46	Supermicro	x13srn-h-wohs_firmware
47	Supermicro	x13swa-tf_firmware
48	Supermicro	h13dsg-o-cpu_firmware
49	Supermicro	h13dsg-o-cpu-d_firmware
50	Supermicro	h13dsh_firmware
51	Supermicro	h13sae-mf_firmware
52	Supermicro	h13srd-f_firmware
53	Supermicro	h13ssf_firmware
54	Supermicro	h13ssh_firmware
55	Supermicro	h13ssl-n_firmware
56	Supermicro	h13ssl-nt_firmware
57	Supermicro	h13sst-g_firmware
58	Supermicro	h13sst-gc_firmware
59	Supermicro	h13ssw_firmware
60	Supermicro	x12dai-n6_firmware
61	Supermicro	x12ddw-a6_firmware
62	Supermicro	x12dgo-6_firmware
63	Supermicro	x12dgq-r_firmware
64	Supermicro	x12dgu_firmware
65	Supermicro	x12dhm-6_firmware
66	Supermicro	x12dpd-a6m25_firmware
67	Supermicro	x12dpfr-an6_firmware
68	Supermicro	x12dpg-ar_firmware
69	Supermicro	x12dpg-oa6_firmware
70	Supermicro	x12dpg-oa6-gd2_firmware
71	Supermicro	x12dpg-qbt6_firmware
72	Supermicro	x12dpg-qr_firmware
73	Supermicro	x12dpg-qt6_firmware
74	Supermicro	x12dpg-u6_firmware
75	Supermicro	x12dpi-n6_firmware
76	Supermicro	x12dpi-nt6_firmware
77	Supermicro	x12dpl-i6_firmware
78	Supermicro	x12dpl-nt6_firmware
79	Supermicro	x12dpt-b6_firmware
80	Supermicro	x12dpt-pt46_firmware
81	Supermicro	x12dpt-pt6_firmware
82	Supermicro	x12dpu-6_firmware
83	Supermicro	x12dsc-6_firmware
84	Supermicro	x12qch\+_firmware
85	Supermicro	x12sae_firmware
86	Supermicro	x12sae-5_firmware
87	Supermicro	x12sca-5f_firmware
88	Supermicro	x12sca-f_firmware
89	Supermicro	x12scq_firmware
90	Supermicro	x12scv-lvds_firmware
91	Supermicro	x12scv-w_firmware
92	Supermicro	x12scz-f_firmware
93	Supermicro	x12scz-qf_firmware
94	Supermicro	x12scz-tln4f_firmware
95	Supermicro	x12sdv-10c-sp6f_firmware
96	Supermicro	x12sdv-10c-spt4f_firmware
97	Supermicro	x12sdv-14c-spt8f_firmware
98	Supermicro	x12sdv-16c-spt8f_firmware
99	Supermicro	x12sdv-20c-spt8f_firmware
100	Supermicro	x12sdv-4c-sp6f_firmware
101	Supermicro	x12sdv-4c-spt4f_firmware
102	Supermicro	x12sdv-4c-spt8f_firmware
103	Supermicro	x12sdv-8c-sp6f_firmware
104	Supermicro	x12sdv-8c-spt4f_firmware
105	Supermicro	x12sdv-8c-spt8f_firmware
106	Supermicro	x12sdv-8ce-sp4f_firmware
107	Supermicro	x12spa-tf_firmware
108	Supermicro	x12sped-f_firmware
109	Supermicro	x12spg-nf_firmware
110	Supermicro	x12spi-tf_firmware
111	Supermicro	x12spl-f_firmware
112	Supermicro	x12spl-ln4f_firmware
113	Supermicro	x12spm-ln4f_firmware
114	Supermicro	x12spm-ln6tf_firmware
115	Supermicro	x12spm-tf_firmware
116	Supermicro	x12spo-f_firmware
117	Supermicro	x12spo-ntf_firmware
118	Supermicro	x12spt-g_firmware
119	Supermicro	x12spt-gc_firmware
120	Supermicro	x12spt-pt_firmware
121	Supermicro	x12spw-f_firmware
122	Supermicro	x12spw-tf_firmware
123	Supermicro	x12spz-ln4f_firmware
124	Supermicro	x12spz-spln6f_firmware
125	Supermicro	x12std-f_firmware
126	Supermicro	x12ste-f_firmware
127	Supermicro	x12sth-f_firmware
128	Supermicro	x12sth-ln4f_firmware
129	Supermicro	x12sth-sys_firmware
130	Supermicro	x12stl-f_firmware
131	Supermicro	x12stl-if_firmware
132	Supermicro	x12stn-c_firmware
133	Supermicro	x12stn-c-wohs_firmware
134	Supermicro	x12stn-e_firmware
135	Supermicro	x12stn-e-wohs_firmware
136	Supermicro	x12stn-h_firmware
137	Supermicro	x12stn-h-wohs_firmware
138	Supermicro	x12stn-l_firmware
139	Supermicro	x12stn-l-wohs_firmware
140	Supermicro	x12stw-f_firmware
141	Supermicro	x12stw-tf_firmware
142	Supermicro	h12ssw-ntr_firmware
143	Supermicro	h12ssw-ntl_firmware
144	Supermicro	h12ssw-nt_firmware
145	Supermicro	h12ssw-inr_firmware
146	Supermicro	h12ssw-inl_firmware
147	Supermicro	h12ssw-in_firmware
148	Supermicro	h12ssw-an6_firmware
149	Supermicro	h12sst-ps_firmware
150	Supermicro	h12ssl-nt_firmware
151	Supermicro	h12ssl-i_firmware
152	Supermicro	h12ssl-ct_firmware
153	Supermicro	h12ssl-c_firmware
154	Supermicro	h12ssg-anp6_firmware
155	Supermicro	h12ssg-an6_firmware
156	Supermicro	h12ssfr-an6_firmware
157	Supermicro	h12ssff-an6_firmware
158	Supermicro	h12dsu-inr_firmware
159	Supermicro	h12dsu-in_firmware
160	Supermicro	h12dsi-nt6_firmware
161	Supermicro	h12dsi-n6_firmware
162	Supermicro	h12dsg-q-cpu6_firmware
163	Supermicro	h12dsg-o-cpu_firmware
164	Supermicro	h12dgq-nt6_firmware
165	Supermicro	h12dgo-6_firmware

: Total Affected Vendor : 1 | Products : 165

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-35861.

URL	Resource
https://blog.freax13.de/cve/cve-2023-35861	Exploit Third Party Advisory
https://www.supermicro.com/en/products/motherboards	Product
https://www.supermicro.com/en/support/security_SMTP_Jun_2023	Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-35861 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2023-35861 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by [email protected]

May. 14, 2024

Action Type Old Value New Value

Initial Analysis by [email protected]

Aug. 07, 2023

Action	Type	Old Value	New Value
Added	CVSS V3.1		NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Changed	Reference Type	https://blog.freax13.de/cve/cve-2023-35861 No Types Assigned	https://blog.freax13.de/cve/cve-2023-35861 Exploit, Third Party Advisory
Changed	Reference Type	https://www.supermicro.com/en/products/motherboards No Types Assigned	https://www.supermicro.com/en/products/motherboards Product
Changed	Reference Type	https://www.supermicro.com/en/support/security_SMTP_Jun_2023 No Types Assigned	https://www.supermicro.com/en/support/security_SMTP_Jun_2023 Vendor Advisory
Added	CWE		NIST CWE-78
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12dst-b_firmware::::::::* versions up to (excluding) 03.10.35 OR cpe:2.3:h:supermicro:h12dst-b:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13dai-t_firmware:-::::::: OR cpe:2.3:h:supermicro:x13dai-t:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13ddw-a_firmware:-::::::: OR cpe:2.3:h:supermicro:x13ddw-a:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13deg-oa_firmware:-::::::: OR cpe:2.3:h:supermicro:x13deg-oa:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13deg-oad_firmware:-::::::: OR cpe:2.3:h:supermicro:x13deg-oad:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13deg-pvc_firmware:-::::::: OR cpe:2.3:h:supermicro:x13deg-pvc:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13deg-qt_firmware:-::::::: OR cpe:2.3:h:supermicro:x13deg-qt:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13dei_firmware:-::::::: OR cpe:2.3:h:supermicro:x13dei:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13dei-t_firmware:-::::::: OR cpe:2.3:h:supermicro:x13dei-t:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13dem_firmware:-::::::: OR cpe:2.3:h:supermicro:x13dem:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13det-b_firmware:-::::::: OR cpe:2.3:h:supermicro:x13det-b:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13dgu_firmware:-::::::: OR cpe:2.3:h:supermicro:x13dgu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13dsf-a_firmware:-::::::: OR cpe:2.3:h:supermicro:x13dsf-a:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13qeh\+_firmware:-::::::: OR cpe:2.3:h:supermicro:x13qeh\+:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13sae_firmware:-::::::: OR cpe:2.3:h:supermicro:x13sae:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13sae-f_firmware:-::::::: OR cpe:2.3:h:supermicro:x13sae-f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13san-c_firmware:-::::::: OR cpe:2.3:h:supermicro:x13san-c:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13san-c-wohs_firmware:-::::::: OR cpe:2.3:h:supermicro:x13san-c-wohs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13san-e_firmware:-::::::: OR cpe:2.3:h:supermicro:x13san-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13san-e-wohs_firmware:-::::::: OR cpe:2.3:h:supermicro:x13san-e-wohs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13san-h_firmware:-::::::: OR cpe:2.3:h:supermicro:x13san-h:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13san-h-wohs_firmware:-::::::: OR cpe:2.3:h:supermicro:x13san-h-wohs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13san-l_firmware:-::::::: OR cpe:2.3:h:supermicro:x13san-l:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13san-l-wohs_firmware:-::::::: OR cpe:2.3:h:supermicro:x13san-l-wohs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13saq_firmware:-::::::: OR cpe:2.3:h:supermicro:x13saq:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13sav-lvds_firmware:-::::::: OR cpe:2.3:h:supermicro:x13sav-lvds:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13sav-ps_firmware:-::::::: OR cpe:2.3:h:supermicro:x13sav-ps:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13saz-f_firmware:-::::::: OR cpe:2.3:h:supermicro:x13saz-f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13saz-q_firmware:-::::::: OR cpe:2.3:h:supermicro:x13saz-q:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13sedw-f_firmware:-::::::: OR cpe:2.3:h:supermicro:x13sedw-f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13seed-f_firmware:-::::::: OR cpe:2.3:h:supermicro:x13seed-f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13seed-sf_firmware:-::::::: OR cpe:2.3:h:supermicro:x13seed-sf:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13sefr-a_firmware:-::::::: OR cpe:2.3:h:supermicro:x13sefr-a:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13sei-f_firmware:-::::::: OR cpe:2.3:h:supermicro:x13sei-f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13sei-tf_firmware:-::::::: OR cpe:2.3:h:supermicro:x13sei-tf:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13sem-f_firmware:-::::::: OR cpe:2.3:h:supermicro:x13sem-f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13sem-tf_firmware:-::::::: OR cpe:2.3:h:supermicro:x13sem-tf:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13set-g_firmware:-::::::: OR cpe:2.3:h:supermicro:x13set-g:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13set-gc_firmware:-::::::: OR cpe:2.3:h:supermicro:x13set-gc:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13sew-f_firmware:-::::::: OR cpe:2.3:h:supermicro:x13sew-f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13sew-tf_firmware:-::::::: OR cpe:2.3:h:supermicro:x13sew-tf:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13sra-tf_firmware:-::::::: OR cpe:2.3:h:supermicro:x13sra-tf:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13srn-e_firmware:-::::::: OR cpe:2.3:h:supermicro:x13srn-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13srn-e-wohs_firmware:-::::::: OR cpe:2.3:h:supermicro:x13srn-e-wohs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13srn-h_firmware:-::::::: OR cpe:2.3:h:supermicro:x13srn-h:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13srn-h-wohs_firmware:-::::::: OR cpe:2.3:h:supermicro:x13srn-h-wohs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x13swa-tf_firmware:-::::::: OR cpe:2.3:h:supermicro:x13swa-tf:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h13dsg-o-cpu_firmware:-::::::: OR cpe:2.3:h:supermicro:h13dsg-o-cpu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h13dsg-o-cpu-d_firmware:-::::::: OR cpe:2.3:h:supermicro:h13dsg-o-cpu-d:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h13dsh_firmware:-::::::: OR cpe:2.3:h:supermicro:h13dsh:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h13sae-mf_firmware:-::::::: OR cpe:2.3:h:supermicro:h13sae-mf:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h13srd-f_firmware:-::::::: OR cpe:2.3:h:supermicro:h13srd-f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h13ssf_firmware:-::::::: OR cpe:2.3:h:supermicro:h13ssf:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h13ssh_firmware:-::::::: OR cpe:2.3:h:supermicro:h13ssh:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h13ssl-n_firmware:-::::::: OR cpe:2.3:h:supermicro:h13ssl-n:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h13ssl-nt_firmware:-::::::: OR cpe:2.3:h:supermicro:h13ssl-nt:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h13sst-g_firmware:-::::::: OR cpe:2.3:h:supermicro:h13sst-g:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h13sst-gc_firmware:-::::::: OR cpe:2.3:h:supermicro:h13sst-gc:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h13ssw_firmware:-::::::: OR cpe:2.3:h:supermicro:h13ssw:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dai-n6_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dai-n6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12ddw-a6_firmware:-::::::: OR cpe:2.3:h:supermicro:x12ddw-a6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dgo-6_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dgo-6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dgq-r_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dgq-r:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dgu_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dgu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dhm-6_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dhm-6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dpd-a6m25_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dpd-a6m25:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dpfr-an6_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dpfr-an6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dpg-ar_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dpg-ar:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dpg-oa6_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dpg-oa6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dpg-oa6-gd2_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dpg-oa6-gd2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dpg-qbt6_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dpg-qbt6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dpg-qr_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dpg-qr:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dpg-qt6_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dpg-qt6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dpg-u6_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dpg-u6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dpi-n6_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dpi-n6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dpi-nt6_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dpi-nt6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dpl-i6_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dpl-i6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dpl-nt6_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dpl-nt6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dpt-b6_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dpt-b6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dpt-pt46_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dpt-pt46:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dpt-pt6_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dpt-pt6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dpu-6_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dpu-6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12dsc-6_firmware:-::::::: OR cpe:2.3:h:supermicro:x12dsc-6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12qch\+_firmware:-::::::: OR cpe:2.3:h:supermicro:x12qch\+:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12sae_firmware:-::::::: OR cpe:2.3:h:supermicro:x12sae:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12sae-5_firmware:-::::::: OR cpe:2.3:h:supermicro:x12sae-5:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12sca-5f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12sca-5f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12sca-f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12sca-f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12scq_firmware:-::::::: OR cpe:2.3:h:supermicro:x12scq:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12scv-lvds_firmware:-::::::: OR cpe:2.3:h:supermicro:x12scv-lvds:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12scv-w_firmware:-::::::: OR cpe:2.3:h:supermicro:x12scv-w:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12scz-f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12scz-f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12scz-qf_firmware:-::::::: OR cpe:2.3:h:supermicro:x12scz-qf:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12scz-tln4f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12scz-tln4f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12sdv-10c-sp6f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12sdv-10c-sp6f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12sdv-10c-spt4f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12sdv-10c-spt4f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12sdv-14c-spt8f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12sdv-14c-spt8f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12sdv-16c-spt8f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12sdv-16c-spt8f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12sdv-20c-spt8f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12sdv-20c-spt8f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12sdv-4c-sp6f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12sdv-4c-sp6f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12sdv-4c-spt4f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12sdv-4c-spt4f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12sdv-4c-spt8f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12sdv-4c-spt8f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12sdv-8c-sp6f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12sdv-8c-sp6f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12sdv-8c-spt4f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12sdv-8c-spt4f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12sdv-8c-spt8f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12sdv-8c-spt8f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12sdv-8ce-sp4f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12sdv-8ce-sp4f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12spa-tf_firmware:-::::::: OR cpe:2.3:h:supermicro:x12spa-tf:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12sped-f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12sped-f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12spg-nf_firmware:-::::::: OR cpe:2.3:h:supermicro:x12spg-nf:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12spi-tf_firmware:-::::::: OR cpe:2.3:h:supermicro:x12spi-tf:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12spl-f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12spl-f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12spl-ln4f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12spl-ln4f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12spm-ln4f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12spm-ln4f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12spm-ln6tf_firmware:-::::::: OR cpe:2.3:h:supermicro:x12spm-ln6tf:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12spm-tf_firmware:-::::::: OR cpe:2.3:h:supermicro:x12spm-tf:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12spo-f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12spo-f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12spo-ntf_firmware:-::::::: OR cpe:2.3:h:supermicro:x12spo-ntf:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12spt-g_firmware:-::::::: OR cpe:2.3:h:supermicro:x12spt-g:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12spt-gc_firmware:-::::::: OR cpe:2.3:h:supermicro:x12spt-gc:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12spt-pt_firmware:-::::::: OR cpe:2.3:h:supermicro:x12spt-pt:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12spw-f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12spw-f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12spw-tf_firmware:-::::::: OR cpe:2.3:h:supermicro:x12spw-tf:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12spz-ln4f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12spz-ln4f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12spz-spln6f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12spz-spln6f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12std-f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12std-f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12ste-f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12ste-f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12sth-f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12sth-f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12sth-ln4f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12sth-ln4f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12sth-sys_firmware:-::::::: OR cpe:2.3:h:supermicro:x12sth-sys:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12stl-f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12stl-f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12stl-if_firmware:-::::::: OR cpe:2.3:h:supermicro:x12stl-if:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12stn-c_firmware:-::::::: OR cpe:2.3:h:supermicro:x12stn-c:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12stn-c-wohs_firmware:-::::::: OR cpe:2.3:h:supermicro:x12stn-c-wohs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12stn-e_firmware:-::::::: OR cpe:2.3:h:supermicro:x12stn-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12stn-e-wohs_firmware:-::::::: OR cpe:2.3:h:supermicro:x12stn-e-wohs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12stn-h_firmware:-::::::: OR cpe:2.3:h:supermicro:x12stn-h:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12stn-h-wohs_firmware:-::::::: OR cpe:2.3:h:supermicro:x12stn-h-wohs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12stn-l_firmware:-::::::: OR cpe:2.3:h:supermicro:x12stn-l:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12stn-l-wohs_firmware:-::::::: OR cpe:2.3:h:supermicro:x12stn-l-wohs:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12stw-f_firmware:-::::::: OR cpe:2.3:h:supermicro:x12stw-f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:x12stw-tf_firmware:-::::::: OR cpe:2.3:h:supermicro:x12stw-tf:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12ssw-ntr_firmware:-::::::: OR cpe:2.3:h:supermicro:h12ssw-ntr:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12ssw-ntl_firmware:-::::::: OR cpe:2.3:h:supermicro:h12ssw-ntl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12ssw-nt_firmware:-::::::: OR cpe:2.3:h:supermicro:h12ssw-nt:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12ssw-inr_firmware:-::::::: OR cpe:2.3:h:supermicro:h12ssw-inr:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12ssw-inl_firmware:-::::::: OR cpe:2.3:h:supermicro:h12ssw-inl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12ssw-in_firmware:-::::::: OR cpe:2.3:h:supermicro:h12ssw-in:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12ssw-an6_firmware:-::::::: OR cpe:2.3:h:supermicro:h12ssw-an6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12sst-ps_firmware:-::::::: OR cpe:2.3:h:supermicro:h12sst-ps:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12ssl-nt_firmware:-::::::: OR cpe:2.3:h:supermicro:h12ssl-nt:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12ssl-i_firmware:-::::::: OR cpe:2.3:h:supermicro:h12ssl-i:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12ssl-ct_firmware:-::::::: OR cpe:2.3:h:supermicro:h12ssl-ct:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12ssl-c_firmware:-::::::: OR cpe:2.3:h:supermicro:h12ssl-c:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12ssg-anp6_firmware:-::::::: OR cpe:2.3:h:supermicro:h12ssg-anp6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12ssg-an6_firmware:-::::::: OR cpe:2.3:h:supermicro:h12ssg-an6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12ssfr-an6_firmware:-::::::: OR cpe:2.3:h:supermicro:h12ssfr-an6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12ssff-an6_firmware:-::::::: OR cpe:2.3:h:supermicro:h12ssff-an6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12dsu-inr_firmware:-::::::: OR cpe:2.3:h:supermicro:h12dsu-inr:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12dsu-in_firmware:-::::::: OR cpe:2.3:h:supermicro:h12dsu-in:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12dst-b_firmware:-::::::: OR cpe:2.3:h:supermicro:h12dst-b:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12dsi-nt6_firmware:-::::::: OR cpe:2.3:h:supermicro:h12dsi-nt6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12dsi-n6_firmware:-::::::: OR cpe:2.3:h:supermicro:h12dsi-n6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12dsg-q-cpu6_firmware:-::::::: OR cpe:2.3:h:supermicro:h12dsg-q-cpu6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12dsg-o-cpu_firmware:-::::::: OR cpe:2.3:h:supermicro:h12dsg-o-cpu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12dgq-nt6_firmware:-::::::: OR cpe:2.3:h:supermicro:h12dgq-nt6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:supermicro:h12dgo-6_firmware:-::::::: OR cpe:2.3:h:supermicro:h12dgo-6:-:::::::*

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-35861 is associated with the following CWEs:

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-35861 weaknesses.

CAPEC-6: Argument Injection Argument Injection CAPEC-15: Command Delimiters Command Delimiters CAPEC-43: Exploiting Multiple Input Interpretation Layers Exploiting Multiple Input Interpretation Layers CAPEC-88: OS Command Injection OS Command Injection CAPEC-108: Command Line Execution through SQL Injection Command Line Execution through SQL Injection

CVE-2023-35861

Supermicro Motherboard Shell Injection Vulnerability

Description

INFO

July 31, 2023, 1:15 p.m.

Aug. 7, 2023, 7:19 p.m.

[email protected]

Yes !

5.9

3.9

Affected Products

References to Advisories, Solutions, and Tools

CVE Modified by [email protected]

Initial Analysis by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

0.18 }} 0.12%

0.56034

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable