CVE-2018-13787 Information
Feb 14, 2021
cve
Description
Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware.
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Reference
https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/
https://www.bleepingcomputer.com/news/security/firmware-vulnerabilities-disclosed-in-supermicro-server-products/
https://www.supermicro.com/support/security_Intel-SA-00088.cfm?pg=X10tab
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
6.7
Base Severity
HIGH