The purpose of this vulnerability disclosure is to communicate a potential vulnerability in Supermicro products that was found externally.
The Service Location Protocol (SLP) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor.
- CVE: CVE-2023-29552
- Severity: High
The affected product is Supermicro BMC firmware running on the Blade Chassis Management Module (CMM).
- The CMM Neighbors feature, which uses SLP, will be disabled on the CMM.
- A warning will be issued if a user selects an option to enable the CMM Neighbors feature.
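
Where SLP cannot be disabled right away, captured traffic on UDP port 427 can be reviewed for the two behaviours described above: service registrations from untrusted sources and replies much larger than their requests. The following is an added example, not Supermicro code; the management subnet, the 10x ratio threshold, the function names and the sample datagrams are assumptions constructed for illustration.

```python
import ipaddress
import struct

REPLY_TO = {2: 1, 7: 6, 10: 9}  # SLPv2 reply function-ID -> matching request function-ID
SRV_REG = 3                     # SLPv2 Service Registration
MGMT_NET = ipaddress.ip_network("10.0.0.0/24")  # assumption: trusted management subnet

def parse_slp_header(payload):
    """Return (function_id, xid) for an SLPv2 datagram, or None if it is not one."""
    if len(payload) < 14 or payload[0] != 2:      # 14-byte fixed header, version 2
        return None
    return payload[1], struct.unpack_from(">H", payload, 10)[0]

def review(datagrams, max_ratio=10.0):
    """datagrams: (src_ip, dst_ip, udp_payload) tuples captured on UDP port 427."""
    alerts, requests = [], {}
    for src, dst, payload in datagrams:
        hdr = parse_slp_header(payload)
        if hdr is None:
            continue
        fid, xid = hdr
        if fid == SRV_REG and ipaddress.ip_address(src) not in MGMT_NET:
            alerts.append(("untrusted-registration", src))
        elif fid in REPLY_TO.values():
            requests[(src, dst, xid)] = len(payload)
        elif fid in REPLY_TO:
            # A reply far larger than its request is the amplification pattern;
            # dst is the address the oversized reply was sent to.
            req_len = requests.get((dst, src, xid))
            if req_len and len(payload) / req_len > max_ratio:
                alerts.append(("amplified-reply", dst))
    return alerts

def sample(fid, xid, body_len):
    """Constructed datagram: SLPv2 header, 'en' language tag, zero padding as body."""
    length = 16 + body_len
    return (bytes([2, fid]) + length.to_bytes(3, "big") + bytes(5)
            + struct.pack(">HH", xid, 2) + b"en" + bytes(body_len))

SAMPLE = [  # constructed traffic using documentation addresses
    ("203.0.113.9", "10.0.0.5", sample(3, 1, 400)),      # SrvReg from outside MGMT_NET
    ("10.0.0.7", "10.0.0.5", sample(3, 2, 40)),          # SrvReg from inside MGMT_NET
    ("198.51.100.4", "10.0.0.5", sample(9, 7, 13)),      # 29-byte SrvTypeRqst
    ("10.0.0.5", "198.51.100.4", sample(10, 7, 1200)),   # 1216-byte SrvTypeRply
    ("10.0.0.8", "10.0.0.5", sample(1, 8, 30)),          # 46-byte SrvRqst
    ("10.0.0.5", "10.0.0.8", sample(2, 8, 50)),          # 66-byte SrvRply
]

if __name__ == "__main__":
    for alert in review(SAMPLE):
        print(alert)
```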