CVE-2023-34853

HIGH

Supermicro X12dai-n6 Firmware - Out-of-Bounds Write

Title source: rule

Description

Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable.

Exploits (1)

nomisec WRITEUP

by risuxx · poc

https://github.com/risuxx/CVE-2023-34853

View Code ZIP pw:eip

References (2)

Core 2

Core References

Product

https://www.supermicro.com/Bios/softfiles/17136/X12DPG-QR_1.4b_X1.02.61_SUM2.10.0.zip.

Vendor Advisory

https://www.supermicro.com/en/support/security_BIOS_Aug_2023

Scores

CVSS v3 7.8

EPSS 0.0014

EPSS Percentile 33.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (50)

supermicro/h11dsi-nt_firmware

supermicro/h11dsi_firmware

supermicro/h11dst-b_firmware

supermicro/h11dsu-in_firmware

supermicro/h12dgo-6_firmware

supermicro/h12dgq-nt6_firmware

supermicro/h12dsg-o-cpu_firmware

supermicro/h12dsg-q-cpu6_firmware

supermicro/h12dsi-n6_firmware

supermicro/h12dsi-nt6_firmware

... and 40 more

Published Aug 22, 2023

Tracked Since Feb 18, 2026