all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Supermicro's BMC Firmware Found Vulnerable to Multiple Critical Vulnerabilities

Add to bookmarks
Oct. 6, 2023, 6:02 a.m. | info@thehackernews.com (The Hacker News)

The Hacker News thehackernews.com

Multiple security vulnerabilities have been disclosed in the Intelligent Platform Management Interface (IPMI) firmware for Supermicro baseboard management controllers (BMCs) that could result in privilege escalation and execution of malicious code on affected systems.
The seven flaws, tracked from CVE-2023-40284 through CVE-2023-40290, vary in severity from High to Critical, according to Binarly

bmc bmcs code controllers critical critical vulnerabilities cve escalation firmware flaws found high interface ipmi malicious management platform privilege privilege escalation result security severity supermicro systems vulnerabilities vulnerable

Visit resource

More from thehackernews.com / The Hacker News

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT 7 hours ago | thehackernews.com
actor ads anydesk asana +20
North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms 23 hours ago | thehackernews.com
actor attacks backdoor commands +20
CensysGPT: AI-Powered Threat Hunting for Cybersecurity Pros (Webinar) 1 day, 1 hour ago | thehackernews.com
advanced ai-powered ai tools artificial +19
Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability 1 day, 4 hours ago | thehackernews.com
actively exploited address alert anonymous +25
What's the Right EDR for You? 1 day, 4 hours ago | thehackernews.com
and response antivirus business businesses +18
Malicious Android Apps Pose as Google, Instagram, WhatsApp, Spread via Smishing 1 day, 4 hours ago | thehackernews.com
android android app android apps app +20
Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models 1 day, 7 hours ago | thehackernews.com
access ai models attack cloud +24
New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation 1 day, 20 hours ago | thehackernews.com
attack bypass cve cve-2024 +25
Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign 1 day, 23 hours ago | thehackernews.com
actor apt28 called campaign +23

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SAP Security Administrator

@ FARO Technologies | Americas-US-Lake Mary-125 Bldg
View on infosec-jobs.com

Cloud Security Engineer, Specialist

@ Vanguard | Malvern, PA
View on infosec-jobs.com

Cybersecurity Assessment and Authorization Specialist

@ Booz Allen Hamilton | USA, MD, Bethesda (9000 Rockville Pike)
View on infosec-jobs.com

Network Security Specialist

@ IAG GBS | Madrid, Spain
View on infosec-jobs.com

Information System Security Officer

@ CSEngineering | Nellis Air Force Base, NV, USA
View on infosec-jobs.com

Senior Consultant, Risk and Governance

@ CIBC | Toronto-CC East 11th Floor
View on infosec-jobs.com
View more jobs