Exploits / Vulnerability Discovered : 2020-07-08 |
Type : webapps |
Platform : hardware
This exploit / vulnerability Supermicro ipmi 03.40 crosssite request forgery (add admin) is for educational purposes only and if it is used you will do on your own risk!
# Description:
# The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and
# IPMI firmware 03.40
# allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to
add new admin users.
# The fixed versions are BIOS 3.2 and firmware 03.88.