Super Micro Computer, Inc.


BMC/IPMI Security Vulnerability

    Researchers have identified vulnerabilities in the Virtual Media function of Supermicro BMCs. BMC/IPMI Virtual Media is a feature of the Virtual Console that enables users to attach a CD/DVD image to the server as a virtual CD/DVD drive. These vulnerabilities include plaintext authentication, weak encryption, and authentication bypass within the Virtual Media capabilities. Identified by researchers in the lab, the vulnerabilities have not been reported in a customer environment.

    We want to thank the Eclypsium team for bringing this issue to our attention and for their collaboration on validating the remediation.

    Industry best practice is to operate BMCs on an isolated private network that is not exposed to the internet, which would reduce, but not eliminate, the identified exposure.

    Another potential interim remediation is to disable Virtual Media by blocking TCP port 623, and then to upgrade to the latest security fix for BMC/IPMI firmware at a later date. Please follow these instructions to disable TCP port 623.
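
One way to confirm the interim block has taken effect, as an added example that is not part of Supermicro's advisory: the script probes TCP port 623 on BMC addresses taken from your own inventory and flags any that still accept connections. The function names and the open/closed/filtered labels are assumptions of this example.

```python
"""Audit check: confirm TCP port 623 is no longer reachable on each BMC."""
import socket

VIRTUAL_MEDIA_PORT = 623  # TCP port the advisory says to block


def probe_tcp(host, port=VIRTUAL_MEDIA_PORT, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'.

    open     - handshake completed, the service is still reachable
    closed   - connection refused (port disabled, or firewall REJECT)
    filtered - no answer or host unreachable (firewall DROP, isolated net)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts, unreachable hosts, DNS failures
        return "filtered"


def audit(hosts, port=VIRTUAL_MEDIA_PORT, timeout=2.0):
    """Return {host: state} for every BMC address given."""
    return {host: probe_tcp(host, port, timeout) for host in hosts}


def still_exposed(results):
    """Hosts whose port is still open, i.e. the block is not in place."""
    return sorted(host for host, state in results.items() if state == "open")


if __name__ == "__main__":
    import sys

    # BMC addresses come from your own inventory, one per argument.
    results = audit(sys.argv[1:])
    for host, state in sorted(results.items()):
        print(f"{host}\ttcp/{VIRTUAL_MEDIA_PORT}\t{state}")
    # Non-zero exit lets a scheduled job or pipeline alert on exposure.
    sys.exit(1 if still_exposed(results) else 0)
```

Run it from a host on the same management network as the BMCs; a result of `filtered` from outside that network only shows the isolation boundary, not the state of the port itself.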

    New versions of the BMC software address these vulnerabilities. Check below for details on specific products.

View table that shows affected X9, X10, X11, H11, M11, and H12 Supermicro products.

Copyright © 2019 Super Micro Computer, Inc. Information in this document is subject to change without notice.