Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-34853

Published: 22/08/2023 Updated: 29/08/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Supermicro

Vulnerability Summary

Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local malicious users to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable.

Vulnerable Product Search on Vulmon Subscribe to Product

supermicro x12dai-n6_firmware -

supermicro x12ddw-a6_firmware -

supermicro x12dgo-6_firmware -

supermicro x12dgq-r_firmware -

supermicro x12dgu_firmware -

supermicro x12dhm-6_firmware -

supermicro x12dpd-a6m25_firmware -

supermicro x12dpfr-an6_firmware -

supermicro x12dpg-ar_firmware -

supermicro x12dpg-oa6_firmware -

supermicro x12dpg-oa6-gd2_firmware -

supermicro x12dpg-qbt6_firmware -

supermicro x12dpg-qr_firmware -

supermicro x12dpg-qt6_firmware -

supermicro x12dpg-u6_firmware -

supermicro x12dpi-n6_firmware -

supermicro x12dpi-nt6_firmware -

supermicro x12dpl-i6_firmware -

supermicro x12dpl-nt6_firmware -

supermicro x12dpt-b6_firmware -

supermicro x12dpt-pt46_firmware -

supermicro x12dpt-pt6_firmware -

supermicro x12dpu-6_firmware -

supermicro x12dsc-6_firmware -

supermicro x12qch\\+_firmware -

supermicro x12sae_firmware -

supermicro x12sae-5_firmware -

supermicro x12sca-5f_firmware -

supermicro x12sca-f_firmware -

supermicro x12scq_firmware -

supermicro x12scv-lvds_firmware -

supermicro x12scv-w_firmware -

supermicro x12scz-f_firmware -

supermicro x12scz-qf_firmware -

supermicro x12scz-tln4f_firmware -

supermicro x12sdv-10c-sp6f_firmware -

supermicro x12sdv-10c-spt4f_firmware -

supermicro x12sdv-14c-spt8f_firmware -

supermicro x12sdv-16c-spt8f_firmware -

supermicro x12sdv-20c-spt8f_firmware -

supermicro x12sdv-4c-sp6f_firmware -

supermicro x12sdv-4c-spt4f_firmware -

supermicro x12sdv-4c-spt8f_firmware -

supermicro x12sdv-8c-sp6f_firmware -

supermicro x12sdv-8c-spt4f_firmware -

supermicro x12sdv-8c-spt8f_firmware -

supermicro x12sdv-8ce-sp4f_firmware -

supermicro x12spa-tf_firmware -

supermicro x12sped-f_firmware -

supermicro x12spg-nf_firmware -

supermicro x12spi-tf_firmware -

supermicro x12spl-f_firmware -

supermicro x12spl-ln4f_firmware -

supermicro x12spm-ln4f_firmware -

supermicro x12spm-ln6tf_firmware -

supermicro x12spm-tf_firmware -

supermicro x12spo-f_firmware -

supermicro x12spo-ntf_firmware -

supermicro x12spt-g_firmware -

supermicro x12spt-gc_firmware -

supermicro x12spt-pt_firmware -

supermicro x12spw-f_firmware -

supermicro x12spw-tf_firmware -

supermicro x12spz-ln4f_firmware -

supermicro x12spz-spln6f_firmware -

supermicro x12std-f_firmware -

supermicro x12ste-f_firmware -

supermicro x12sth-f_firmware -

supermicro x12sth-ln4f_firmware -

supermicro x12sth-sys_firmware -

supermicro x12stl-f_firmware -

supermicro x12stl-if_firmware -

supermicro x12stn-c_firmware -

supermicro x12stn-c-wohs_firmware -

supermicro x12stn-e_firmware -

supermicro x12stn-e-wohs_firmware -

supermicro x12stn-h_firmware -

supermicro x12stn-h-wohs_firmware -

supermicro x12stn-l_firmware -

supermicro x12stn-l-wohs_firmware -

supermicro x12stw-f_firmware -

supermicro x12stw-tf_firmware -

supermicro h11dsi_firmware -

supermicro h11dsi-nt_firmware -

supermicro h11dst-b_firmware -

supermicro h11dsu-in_firmware -

supermicro h12dgo-6_firmware -

supermicro h12dgq-nt6_firmware -

supermicro h12dsg-o-cpu_firmware -

supermicro h12dsg-q-cpu6_firmware -

supermicro h12dsi-n6_firmware -

supermicro h12dsi-nt6_firmware -

supermicro h12dst-b_firmware -

supermicro h12dsu-in_firmware -

supermicro h12dsu-inr_firmware -

supermicro h12ssff-an6_firmware -

supermicro h12ssfr-an6_firmware -

supermicro h12ssg-an6_firmware -

supermicro h12ssg-anp6_firmware -

supermicro h12ssl-c_firmware -

supermicro h12ssl-ct_firmware -

supermicro h12ssl-i_firmware -

supermicro h12ssl-nt_firmware -

supermicro h12sst-ps_firmware -

supermicro h12ssw-an6_firmware -

supermicro h12ssw-in_firmware -

supermicro h12ssw-inl_firmware -

supermicro h12ssw-inr_firmware -

supermicro h12ssw-nt_firmware -

supermicro h12ssw-ntl_firmware -

supermicro h12ssw-ntr_firmware -

supermicro h13dsg-o-cpu_firmware -

supermicro h13dsg-o-cpu-d_firmware -

supermicro h13dsh_firmware -

supermicro h13sae-mf_firmware -

supermicro h13srd-f_firmware -

supermicro h13ssf_firmware -

supermicro h13ssh_firmware -

supermicro h13ssl-n_firmware -

supermicro h13ssl-nt_firmware -

supermicro h13sst-g_firmware -

supermicro h13sst-gc_firmware -

supermicro h13ssw_firmware -

supermicro x11dac_firmware -

supermicro x11dai-n_firmware -

supermicro x11ddw-l_firmware -

supermicro x11ddw-nt_firmware -

supermicro x11dgo-t_firmware -

supermicro x11dgq_firmware -

supermicro x11dpff-sn_firmware -

supermicro x11dpfr-s_firmware -

supermicro x11dpfr-sn_firmware -

supermicro x11dpg-ot-cpu_firmware -

supermicro x11dpg-qt_firmware -

supermicro x11dpg-sn_firmware -

supermicro x11dph-i_firmware -

supermicro x11dph-t_firmware -

supermicro x11dph-tq_firmware -

supermicro x11dpi-n_firmware -

supermicro x11dpi-nt_firmware -

supermicro x11dpl-i_firmware -

supermicro x11dps-re_firmware -

supermicro x11dpt-b_firmware -

supermicro x11dpt-bh_firmware -

supermicro x11dpt-l_firmware -

supermicro x11dpt-ps_firmware -

supermicro x11dpu_firmware -

supermicro x11dpu-v_firmware -

supermicro x11dpu-x_firmware -

supermicro x11dpu-xll_firmware -

supermicro x11dpu-z\\+_firmware -

supermicro x11dpu-ze\\+_firmware -

supermicro x11dpx-t_firmware -

supermicro x11dsc\\+_firmware -

supermicro x11dsf-e_firmware -

supermicro x11dsn-ts_firmware -

supermicro x11dsn-tsq_firmware -

supermicro x11opi-cpu_firmware -

supermicro x11qph\\+_firmware -

supermicro x11sae_firmware -

supermicro x11sae_m_firmware -

supermicro x11sat_firmware -

supermicro x11sba_firmware -

supermicro x11sca_firmware -

supermicro x11sca-f_firmware -

supermicro x11sca-w_firmware -

supermicro x11scd-f_firmware -

supermicro x11sch-f_firmware -

supermicro x11sch-ln4f_firmware -

supermicro x11scl-f_firmware -

supermicro x11scl-if_firmware -

supermicro x11scl-ln4f_firmware -

supermicro x11scm-f_firmware -

supermicro x11scm-ln8f_firmware -

supermicro x11scw-f_firmware -

supermicro x11sdd-18c-f_firmware -

supermicro x11sdd-8c-f_firmware -

supermicro x11sds-12c_firmware -

supermicro x11sds-16c_firmware -

supermicro x11sds-8c_firmware -

supermicro x11spa-t_firmware -

supermicro x11spa-tf_firmware -

supermicro x11spg-tf_firmware -

supermicro x11sph-nctf_firmware -

supermicro x11sph-nctpf_firmware -

supermicro x11spi-tf_firmware -

supermicro x11spl-f_firmware -

supermicro x11spm-f_firmware -

supermicro x11spm-tf_firmware -

supermicro x11spm-tpf_firmware -

supermicro x11spw-ctf_firmware -

supermicro x11spw-tf_firmware -

supermicro x11sra_firmware -

supermicro x11sri-if_firmware -

supermicro x11srl-f_firmware -

supermicro x11srm_firmware -

supermicro x11srm-f_firmware -

supermicro x11srm-vf_firmware -

supermicro x11ssd-f_firmware -

supermicro x11sse-f_firmware -

supermicro x11ssh-ctf_firmware -

supermicro x11ssh-f_firmware -

supermicro x11ssh-gf-1585_firmware -

supermicro x11ssh-gf-1585l_firmware -

supermicro x11ssh-gtf-1585_firmware -

supermicro x11ssh-gtf-1585l_firmware -

supermicro x11ssh-ln4f_firmware -

supermicro x11ssh-tf_firmware -

supermicro x11ssi-ln4f_firmware -

supermicro x11ssl_firmware -

supermicro x11ssl-cf_firmware -

supermicro x11ssl-f_firmware -

supermicro x11ssl-nf_firmware -

supermicro x11ssm_firmware -

supermicro x11ssm-f_firmware -

supermicro x11ssn_firmware -

supermicro x11ssq_firmware -

supermicro x11ssql_firmware -

supermicro x11ssv_firmware -

supermicro x11ssv-lvds_firmware -

supermicro x11ssv-q_firmware -

supermicro x11ssw-4tf_firmware -

supermicro x11ssw-f_firmware -

supermicro x11ssw-tf_firmware -

supermicro x11ssz_firmware -

supermicro x11ssz-f_firmware -

supermicro x11ssz-tln4f_firmware -

supermicro x13dai-t_firmware -

supermicro x13ddw-a_firmware -

supermicro x13deg-oa_firmware -

supermicro x13deg-oad_firmware -

supermicro x13deg-pvc_firmware -

supermicro x13deg-qt_firmware -

supermicro x13dei_firmware -

supermicro x13dei-t_firmware -

supermicro x13dem_firmware -

supermicro x13det-b_firmware -

supermicro x13dgu_firmware -

supermicro x13dsf-a_firmware -

supermicro x13qeh\\+_firmware -

supermicro x13sae_firmware -

supermicro x13sae-f_firmware -

supermicro x13san-c_firmware -

supermicro x13san-c-wohs_firmware -

supermicro x13san-e_firmware -

supermicro x13san-e-wohs_firmware -

supermicro x13san-h_firmware -

supermicro x13san-h-wohs_firmware -

supermicro x13san-l_firmware -

supermicro x13san-l-wohs_firmware -

supermicro x13saq_firmware -

supermicro x13sav-lvds_firmware -

supermicro x13sav-ps_firmware -

supermicro x13saz-f_firmware -

supermicro x13saz-q_firmware -

supermicro x13sedw-f_firmware -

supermicro x13seed-f_firmware -

supermicro x13seed-sf_firmware -

supermicro x13sefr-a_firmware -

supermicro x13sei-f_firmware -

supermicro x13sei-tf_firmware -

supermicro x13sem-f_firmware -

supermicro x13sem-tf_firmware -

supermicro x13set-g_firmware -

supermicro x13set-gc_firmware -

supermicro x13sew-f_firmware -

supermicro x13sew-tf_firmware -

supermicro x13sra-tf_firmware -

supermicro x13srn-e_firmware -

supermicro x13srn-e-wohs_firmware -

supermicro x13srn-h_firmware -

Github Repositories

https://github.com/risuxx/CVE-2023-34853

CVE-2023-34853 This repository is used to disclose some details about CVE-2023-34853 The vulnerability appears in Supermicro motherboard X12DPG-QR 14b and will be fixed in version 15 In the SmcSecureErase file (GUID: 2B7C2FD1-C1CF-AB1D-C3BB-D1D691FB131E) within the BIOS firmware, there is a stack overflow vulnerability at offset 0x2CC2 The speculated code with the vulnerab

References

CWE-787https://www.supermicro.com/en/support/security_BIOS_Aug_2023https://www.supermicro.com/Bios/softfiles/17136/X12DPG-QR_1.4b_X1.02.61_SUM2.10.0.zip.https://nvd.nist.govhttps://github.com/risuxx/CVE-2023-34853
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook