Vulnerability Description
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88.
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Supermicro | X10Drh-It Bios | 2.0a |
| Supermicro | X10Drh-It Firmware | 3.40 |
| Supermicro | X10Drh-It | - |
References
- http://packetstormsecurity.com/files/158373/SuperMicro-IPMI-03.40-Cross-Site-Req (Exploit, Third Party Advisory)
- https://www.totalpentest.com/post/supermicro-ipmi-webgui-cross-site-request-forg (Exploit, Third Party Advisory, URL Repurposed)
FAQ
What is CVE-2020-15046?
CVE-2020-15046 is a vulnerability with a CVSS score of 8.8 (HIGH). The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88.
How severe is CVE-2020-15046?
CVE-2020-15046 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2020-15046?
Yes. The vulnerability description above gives the fixed versions as BIOS 3.2 and IPMI firmware 03.88; check the references section above for vendor advisories and further patch information. Affected products include: Supermicro X10Drh-It Bios, Supermicro X10Drh-It Firmware, Supermicro X10Drh-It.