Supermicro MBD-X12DPG-OA6 BMC Firmware Stack Overflow Vulnerability

Vulnerability

A stack overflow vulnerability has been identified in the BMC firmware of Supermicro motherboards, specifically the MBD-X12DPG-OA6 model. The flaw lies in the firmware image verification process: an attacker who already holds administrator privileges on the BMC can upload a specially crafted firmware image, and because certain fields in that image are not bounds-checked during verification, a stack overflow condition results.

Impact

Exploitation of this vulnerability triggers a stack overflow in the BMC firmware, which could be used to execute arbitrary code on the BMC or to cause a denial-of-service condition by crashing it.

Remediation

Users are advised to update the BMC firmware to the latest version; Supermicro has released an updated firmware that addresses this vulnerability. For interim hardening guidance, such as restricting who can reach the BMC and who holds administrator privileges on it, refer to the Supermicro BMC Configuration Best Practices Guide.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 4.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.