CVE-2024-36435

CRITICAL

Supermicro BMC firmware - Buffer Overflow

Title source: llm

Description

An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code execution on a BMC.

References (1)

Core 1

Core References

Various Sources

https://www.supermicro.com/zh_tw/support/security_BMC_IPMI_Jul_2024

Scores

CVSS v3 9.8

EPSS 0.0129

EPSS Percentile 66.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-121

Status published

Published Jul 11, 2024

Tracked Since Feb 18, 2026