CVE-2024-36435

{"id": "CVE-2024-36435", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-07-11T21:15:12.507", "references": [{"url": "https://www.supermicro.com/zh_tw/support/security_BMC_IPMI_Jul_2024", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code execution on a BMC."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en el firmware Supermicro BMC en placas base seleccionadas X11, X12, H12, B12, X13, H13 y B13 (y m\u00f3dulos CMM6). Un usuario no autenticado puede publicar datos manipulados en la interfaz, lo que desencadena un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria y puede provocar la ejecuci\u00f3n remota arbitraria de c\u00f3digo en un BMC."}], "lastModified": "2024-08-01T13:52:50.527", "sourceIdentifier": "cve@mitre.org"}