Metasploit modules that can be used to exploit Supermicro products
-
Supermicro Onboard IPMI Static SSL Certificate Scanner
Disclosure Date: 2013-11-06First seen: 2020-04-26auxiliary/scanner/http/smt_ipmi_static_cert_scannerThis module checks for a static SSL certificate shipped with Supermicro Onboard IPMI controllers. An attacker with access to the publicly-available firmware can perform man-in-the-middle attacks and offline decryption of communication to the controller. This module has been on a Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware version SMT_X9_214. Authors: - hdm <x@hdm.io> - juan -
Supermicro Onboard IPMI close_window.cgi Buffer Overflow
Disclosure Date: 2013-11-06First seen: 2020-04-26exploit/linux/http/smt_ipmi_close_window_bofThis module exploits a buffer overflow on the Supermicro Onboard IPMI controller web interface. The vulnerability exists on the close_window.cgi CGI application, and is due to the insecure usage of strcpy. In order to get a session, the module will execute system() from libc with an arbitrary CMD payload sent on the User-Agent header. This module has been tested successfully on Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware SMT_X9_214. Authors: - hdm <x@hdm.io> - juan vazquez <juan.vazquez@metasploit.com> -
Supermicro Onboard IPMI CGI Vulnerability Scanner
Disclosure Date: 2013-11-06First seen: 2020-04-26auxiliary/scanner/http/smt_ipmi_cgi_scannerThis module checks for known vulnerabilities in the CGI applications of Supermicro Onboard IPMI controllers. These issues currently include several unauthenticated buffer overflows in the login.cgi and close_window.cgi components. Authors: - hdm <x@hdm.io> - juan vazquez <juan.vazquez@metasploit.com> -
IPMI 2.0 Cipher Zero Authentication Bypass Scanner
Disclosure Date: 2013-06-20First seen: 2020-04-26auxiliary/scanner/ipmi/ipmi_cipher_zeroThis module identifies IPMI 2.0-compatible systems that are vulnerable to an authentication bypass vulnerability through the use of cipher zero. Authors: - Dan Farmer <zen@fish2.com> - hdm <x@hdm.io>
2 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details