N/A

On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareName. The attacker can achieve a persistent backdoor.

N/A

N/A

SuperMicro X8STi-F 操作系统命令注入漏洞

SuperMicro X8STi-F是美国SuperMicro公司的一款计算机主板。 SuperMicro X8STi-F（带有IPMI固件2.06版本和BIOS 02.68版本）中的Virtual Media功能存在操作系统命令注入漏洞。攻击者可通过向IPMI IP地址发送HTTP请求利用该漏洞获得一个持久性的后门。

N/A

N/A