Metasploit modules that can be used to exploit Supermicro products

This module checks for a static SSL certificate shipped with Supermicro Onboard IPMI controllers. An attacker with access to the publicly-available firmware can perform man-in-the-middle attacks and offline decryption of communication to the controller. This module has been on a Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware version SMT_X9_214. Authors: - hdm <x@hdm.io> - juan

More information

This module exploits a buffer overflow on the Supermicro Onboard IPMI controller web interface. The vulnerability exists on the close_window.cgi CGI application, and is due to the insecure usage of strcpy. In order to get a session, the module will execute system() from libc with an arbitrary CMD payload sent on the User-Agent header. This module has been tested successfully on Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware SMT_X9_214. Authors: - hdm <x@hdm.io> - juan vazquez <juan.vazquez@metasploit.com>

More information

This module checks for known vulnerabilities in the CGI applications of Supermicro Onboard IPMI controllers. These issues currently include several unauthenticated buffer overflows in the login.cgi and close_window.cgi components. Authors: - hdm <x@hdm.io> - juan vazquez <juan.vazquez@metasploit.com>

More information

This module identifies IPMI 2.0-compatible systems that are vulnerable to an authentication bypass vulnerability through the use of cipher zero. Authors: - Dan Farmer <zen@fish2.com> - hdm <x@hdm.io>

More information