CVE-2019-16649 — CRITICAL (10.0)

Vulnerability Description

On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Supermicro	X11Dai-N Firmware	1.71.5
Supermicro	X11Dai-N	-
Supermicro	X11Dac Firmware	1.71.5
Supermicro	X11Dac	-
Supermicro	X11Dph-Tq Firmware	1.71.5
Supermicro	X11Dph-Tq	-
Supermicro	X11Dph-I Firmware	1.71.5
Supermicro	X11Dph-I	-
Supermicro	X11Dph-T Firmware	1.71.5
Supermicro	X11Dph-T	-
Supermicro	X11Dps-Re Firmware	1.71.5
Supermicro	X11Dps-Re	-
Supermicro	X11Dsf-E Firmware	1.71.5
Supermicro	X11Dsf-E	-
Supermicro	X11Dsn-Ts Firmware	1.71.5
Supermicro	X11Dsn-Ts	-
Supermicro	X11Dsn-Tsq Firmware	1.71.5
Supermicro	X11Dsn-Tsq	-
Supermicro	X11Dsc\+ Firmware	1.74
Supermicro	X11Dsc\+	-

Related Weaknesses (CWE)

CWE-287 CWE-522 CWE-326

References

https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-Third Party Advisory
https://github.com/eclypsium/USBAnywhereThird Party Advisory
https://www.supermicro.com/support/security_BMC_virtual_media.cfmVendor Advisory
https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-Third Party Advisory
https://github.com/eclypsium/USBAnywhereThird Party Advisory
https://www.supermicro.com/support/security_BMC_virtual_media.cfmVendor Advisory

FAQ

What is CVE-2019-16649?

CVE-2019-16649 is a vulnerability with a CVSS score of 10.0 (CRITICAL). On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over...

How severe is CVE-2019-16649?

CVE-2019-16649 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-16649?

Check the references section above for vendor advisories and patch information. Affected products include: Supermicro X11Dai-N Firmware, Supermicro X11Dai-N, Supermicro X11Dac Firmware, Supermicro X11Dac, Supermicro X11Dph-Tq Firmware.