CVE-2019-16649

CRITICAL

Supermicro - Privilege Escalation

Title source: llm

Description

On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC.

References (3)

[Third Party Advisory] https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/

[Third Party Advisory] https://github.com/eclypsium/USBAnywhere

View Writeup ZIP pw:eip

[Vendor Advisory] https://www.supermicro.com/support/security_BMC_virtual_media.cfm

Scores

CVSS v3 10.0

EPSS 0.0010

EPSS Percentile 27.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Classification

CWE

CWE-522 CWE-287 CWE-326

Status published

Affected Products (50)

supermicro/x11dai-n_firmware

supermicro/x11dac_firmware

supermicro/x11dph-tq_firmware

supermicro/x11dph-i_firmware

supermicro/x11dph-t_firmware

supermicro/x11dps-re_firmware

supermicro/x11dsf-e_firmware

supermicro/x11dsn-ts_firmware

supermicro/x11dsn-tsq_firmware

supermicro/x11dsc\+_firmware

supermicro/x11ddw-nt_firmware

supermicro/x11ddw-l_firmware

supermicro/x11dgq_firmware

supermicro/x11dpff-sn_firmware

supermicro/x11dpfr-sn_firmware

... and 35 more

Timeline

Published Sep 21, 2019

Tracked Since Feb 18, 2026