CVE-2023-33411

A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information.

Published: 2023-12-07
Last update: 2024-11-21
Assigner: [email protected]
Source: [email protected]

Conclusion & alert: CVE-2023-33411 is rated Moderate Risk (59.1/100): CVSS High severity, with medium exploitation likelihood (EPSS 1.73%). Mandatory action: Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2023-33411

EPSS is a daily estimate of the relative likelihood of exploitation; the percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

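| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|------|----------------|----------------|-------------------|
| 1 | 2026-02-11 | 1.33% | 1.73% | +0.40% |
| 2 | 2025-11-21 | 3.69% | 1.33% | -2.35% |
| 3 | 2025-11-18 | | 3.69% | |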

Full EPSS history (16 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2023-33411

CVSS metrics for this CVE.

Base score: 7.5
Version: 3.1
Severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9
Impact: 3.6
Score source: [email protected]

Vector breakdown:
- Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
- Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
- Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
- User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
- Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
- Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
- Integrity (I:N): Data isn’t meaningfully altered or forged.
- Availability (A:N): Service keeps running; no real outage angle.

Weakness enumeration for CVE-2023-33411

Affected software / configurations for CVE-2023-33411

Vendor Product Version Raw CPE
supermicro m11sdv-4c-ln4f_firmware <= 3.17.02 cpe:2.3:o:supermicro:m11sdv-4c-ln4f_firmware:*:*:*:*:*:*:*:*
supermicro m11sdv-4ct-ln4f_firmware <= 3.17.02 cpe:2.3:o:supermicro:m11sdv-4ct-ln4f_firmware:*:*:*:*:*:*:*:*
supermicro m11sdv-8c-ln4f_firmware <= 3.17.02 cpe:2.3:o:supermicro:m11sdv-8c-ln4f_firmware:*:*:*:*:*:*:*:*
supermicro m11sdv-8ct-ln4f_firmware <= 3.17.02 cpe:2.3:o:supermicro:m11sdv-8ct-ln4f_firmware:*:*:*:*:*:*:*:*
supermicro m11sdv-8c\+-ln4f_firmware <= 3.17.02 cpe:2.3:o:supermicro:m11sdv-8c\+-ln4f_firmware:*:*:*:*:*:*:*:*
supermicro c9x299-pg_firmware <= 3.17.02 cpe:2.3:o:supermicro:c9x299-pg_firmware:*:*:*:*:*:*:*:*
supermicro c9x299-pg300_firmware <= 3.17.02 cpe:2.3:o:supermicro:c9x299-pg300_firmware:*:*:*:*:*:*:*:*
supermicro c9x299-pg300f_firmware <= 3.17.02 cpe:2.3:o:supermicro:c9x299-pg300f_firmware:*:*:*:*:*:*:*:*
supermicro c9x299-pgf_firmware <= 3.17.02 cpe:2.3:o:supermicro:c9x299-pgf_firmware:*:*:*:*:*:*:*:*
supermicro c9x299-pgf-l_firmware <= 3.17.02 cpe:2.3:o:supermicro:c9x299-pgf-l_firmware:*:*:*:*:*:*:*:*
supermicro c9x299-rpgf_firmware <= 3.17.02 cpe:2.3:o:supermicro:c9x299-rpgf_firmware:*:*:*:*:*:*:*:*
supermicro c9x299-rpgf-l_firmware <= 3.17.02 cpe:2.3:o:supermicro:c9x299-rpgf-l_firmware:*:*:*:*:*:*:*:*
supermicro b13dee_firmware <= 3.17.02 cpe:2.3:o:supermicro:b13dee_firmware:*:*:*:*:*:*:*:*
supermicro b13det_firmware <= 3.17.02 cpe:2.3:o:supermicro:b13det_firmware:*:*:*:*:*:*:*:*
supermicro b13see-cpu-25g_firmware <= 3.17.02 cpe:2.3:o:supermicro:b13see-cpu-25g_firmware:*:*:*:*:*:*:*:*
supermicro b13seg_firmware <= 3.17.02 cpe:2.3:o:supermicro:b13seg_firmware:*:*:*:*:*:*:*:*
supermicro h13dsg-o-cpu_firmware <= 3.17.02 cpe:2.3:o:supermicro:h13dsg-o-cpu_firmware:*:*:*:*:*:*:*:*
supermicro h13dsg-o-cpu-d_firmware <= 3.17.02 cpe:2.3:o:supermicro:h13dsg-o-cpu-d_firmware:*:*:*:*:*:*:*:*
supermicro h13dsg-om_firmware <= 3.17.02 cpe:2.3:o:supermicro:h13dsg-om_firmware:*:*:*:*:*:*:*:*
supermicro h13dsh_firmware <= 3.17.02 cpe:2.3:o:supermicro:h13dsh_firmware:*:*:*:*:*:*:*:*
supermicro h13sae-mf_firmware <= 3.17.02 cpe:2.3:o:supermicro:h13sae-mf_firmware:*:*:*:*:*:*:*:*
supermicro h13sra-f_firmware <= 3.17.02 cpe:2.3:o:supermicro:h13sra-f_firmware:*:*:*:*:*:*:*:*
supermicro h13sra-tf_firmware <= 3.17.02 cpe:2.3:o:supermicro:h13sra-tf_firmware:*:*:*:*:*:*:*:*
supermicro h13srd-f_firmware <= 3.17.02 cpe:2.3:o:supermicro:h13srd-f_firmware:*:*:*:*:*:*:*:*
supermicro h13ssf_firmware <= 3.17.02 cpe:2.3:o:supermicro:h13ssf_firmware:*:*:*:*:*:*:*:*
supermicro h13ssh_firmware <= 3.17.02 cpe:2.3:o:supermicro:h13ssh_firmware:*:*:*:*:*:*:*:*
supermicro h13ssl-n_firmware <= 3.17.02 cpe:2.3:o:supermicro:h13ssl-n_firmware:*:*:*:*:*:*:*:*
supermicro h13ssl-nt_firmware <= 3.17.02 cpe:2.3:o:supermicro:h13ssl-nt_firmware:*:*:*:*:*:*:*:*
supermicro h13sst-g_firmware <= 3.17.02 cpe:2.3:o:supermicro:h13sst-g_firmware:*:*:*:*:*:*:*:*
supermicro h13sst-gc_firmware <= 3.17.02 cpe:2.3:o:supermicro:h13sst-gc_firmware:*:*:*:*:*:*:*:*
supermicro h13ssw_firmware <= 3.17.02 cpe:2.3:o:supermicro:h13ssw_firmware:*:*:*:*:*:*:*:*
supermicro h13svw-n_firmware <= 3.17.02 cpe:2.3:o:supermicro:h13svw-n_firmware:*:*:*:*:*:*:*:*
supermicro h13svw-nt_firmware <= 3.17.02 cpe:2.3:o:supermicro:h13svw-nt_firmware:*:*:*:*:*:*:*:*
supermicro x13dai-t_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13dai-t_firmware:*:*:*:*:*:*:*:*
supermicro x13ddw-a_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13ddw-a_firmware:*:*:*:*:*:*:*:*
supermicro x13deg-oa_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13deg-oa_firmware:*:*:*:*:*:*:*:*
supermicro x13deg-oad_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13deg-oad_firmware:*:*:*:*:*:*:*:*
supermicro x13deg-pvc_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13deg-pvc_firmware:*:*:*:*:*:*:*:*
supermicro x13deg-qt_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13deg-qt_firmware:*:*:*:*:*:*:*:*
supermicro x13deh_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13deh_firmware:*:*:*:*:*:*:*:*
supermicro x13dei_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13dei_firmware:*:*:*:*:*:*:*:*
supermicro x13dei-t_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13dei-t_firmware:*:*:*:*:*:*:*:*
supermicro x13dem_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13dem_firmware:*:*:*:*:*:*:*:*
supermicro x13det-b_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13det-b_firmware:*:*:*:*:*:*:*:*
supermicro x13dgu_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13dgu_firmware:*:*:*:*:*:*:*:*
supermicro x13dsf-a_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13dsf-a_firmware:*:*:*:*:*:*:*:*
supermicro x13qeh\+_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13qeh\+_firmware:*:*:*:*:*:*:*:*
supermicro x13sae_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13sae_firmware:*:*:*:*:*:*:*:*
supermicro x13sae-f_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13sae-f_firmware:*:*:*:*:*:*:*:*
supermicro x13san-c_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13san-c_firmware:*:*:*:*:*:*:*:*
supermicro x13san-c-wohs_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13san-c-wohs_firmware:*:*:*:*:*:*:*:*
supermicro x13san-e_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13san-e_firmware:*:*:*:*:*:*:*:*
supermicro x13san-e-wohs_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13san-e-wohs_firmware:*:*:*:*:*:*:*:*
supermicro x13san-h_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13san-h_firmware:*:*:*:*:*:*:*:*
supermicro x13san-h-wohs_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13san-h-wohs_firmware:*:*:*:*:*:*:*:*
supermicro x13san-l_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13san-l_firmware:*:*:*:*:*:*:*:*
supermicro x13san-l-wohs_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13san-l-wohs_firmware:*:*:*:*:*:*:*:*
supermicro x13saq_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13saq_firmware:*:*:*:*:*:*:*:*
supermicro x13sav-lvds_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13sav-lvds_firmware:*:*:*:*:*:*:*:*
supermicro x13sav-ps_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13sav-ps_firmware:*:*:*:*:*:*:*:*
supermicro x13saz-f_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13saz-f_firmware:*:*:*:*:*:*:*:*
supermicro x13saz-q_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13saz-q_firmware:*:*:*:*:*:*:*:*
supermicro x13sedw-f_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13sedw-f_firmware:*:*:*:*:*:*:*:*
supermicro x13seed-f_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13seed-f_firmware:*:*:*:*:*:*:*:*
supermicro x13seed-sf_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13seed-sf_firmware:*:*:*:*:*:*:*:*
supermicro x13sefr-a_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13sefr-a_firmware:*:*:*:*:*:*:*:*
supermicro x13sei-f_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13sei-f_firmware:*:*:*:*:*:*:*:*
supermicro x13sei-tf_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13sei-tf_firmware:*:*:*:*:*:*:*:*
supermicro x13sem-f_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13sem-f_firmware:*:*:*:*:*:*:*:*
supermicro x13sem-tf_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13sem-tf_firmware:*:*:*:*:*:*:*:*
supermicro x13set-g_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13set-g_firmware:*:*:*:*:*:*:*:*
supermicro x13set-gc_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13set-gc_firmware:*:*:*:*:*:*:*:*
supermicro x13sew-f_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13sew-f_firmware:*:*:*:*:*:*:*:*
supermicro x13sew-tf_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13sew-tf_firmware:*:*:*:*:*:*:*:*
supermicro x13sra-tf_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13sra-tf_firmware:*:*:*:*:*:*:*:*
supermicro x13srn-e_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13srn-e_firmware:*:*:*:*:*:*:*:*
supermicro x13srn-e-wohs_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13srn-e-wohs_firmware:*:*:*:*:*:*:*:*
supermicro x13srn-h_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13srn-h_firmware:*:*:*:*:*:*:*:*
supermicro x13srn-h-wohs_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13srn-h-wohs_firmware:*:*:*:*:*:*:*:*
supermicro x13swa-tf_firmware <= 3.17.02 cpe:2.3:o:supermicro:x13swa-tf_firmware:*:*:*:*:*:*:*:*

References for CVE-2023-33411
