#VU51219 Security restrictions bypass in Super Micro Computer, Inc. products

Vulnerability identifier: #VU51219

Vulnerability risk: High

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: N/A

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
X10SLH-F
Hardware solutions / Firmware
X10SLL-F
Hardware solutions / Firmware
X10SLM-F
Hardware solutions / Firmware
X10SLL+-F
Hardware solutions / Firmware
X10SLM+-F
Hardware solutions / Firmware
X10SLM+-LN4F
Hardware solutions / Firmware
X10SLA-F
Hardware solutions / Firmware
X10SL7-F
Hardware solutions / Firmware
X10SLL-S/-SF
Hardware solutions / Firmware

Vendor: Super Micro Computer, Inc.

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in BIOS firmware for X10 UP-series (H3 Single Socket “Denlow”) motherboard. A local user can plant malware into motherboard firmware and establish permanent persistence on the system, even if OS is reinstalled.

Note, the vulnerability is being actively exploited in the wild by the TrickBoot malware.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

X10SLH-F: All versions

X10SLL-F: All versions

X10SLM-F: All versions

X10SLL+-F: All versions

X10SLM+-F: All versions

X10SLM+-LN4F: All versions

X10SLA-F: All versions

X10SL7-F: All versions

X10SLL-S/-SF: All versions

---

External links
https://www.supermicro.com/en/support/security/Trickbot

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.