CVE-2024-10239 - Vulnerability Details - OpenCVE

A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6 . An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat->fsd.max_fld.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025

History

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00069}`	epss `{'score': 0.00087}`

Tue, 04 Feb 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 04 Feb 2025 08:15:00 +0000

Type	Values Removed	Values Added
Description		A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6 . An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat->fsd.max_fld.
Title		fld->used_bytes without sanity check causes stack overflow
Weaknesses		CWE-121
References		https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025
Metrics		cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Supermicro

Published: 2025-02-04T08:02:02.414Z

Updated: 2025-02-04T14:25:28.872Z

Reserved: 2024-10-22T03:14:25.875Z

Link: CVE-2024-10239

Vulnrichment

Updated: 2025-02-04T14:25:15.624Z

NVD

Status : Received

Published: 2025-02-04T08:15:28.430

Modified: 2025-02-04T08:15:28.430

Link: CVE-2024-10239

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-10239", "assignerOrgId": "def9a96e-e099-41a9-bfac-30fd4f82c411", "state": "PUBLISHED", "assignerShortName": "Supermicro", "dateReserved": "2024-10-22T03:14:25.875Z", "datePublished": "2025-02-04T08:02:02.414Z", "dateUpdated": "2025-02-04T14:25:28.872Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "platforms": ["BMC"], "product": "MBD-X12DPG-OA6", "vendor": "SMCI", "versions": [{"status": "affected", "version": "1.04.16", "versionType": "BMC"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6 . An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat->fsd.max_fld.</span>"}], "value": "A security issue in the firmware image verification implementation at Supermicro\u00a0MBD-X12DPG-OA6\u00a0. An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat->fsd.max_fld."}], "impacts": [{"capecId": "CAPEC-112", "descriptions": [{"lang": "en", "value": "CAPEC-112: Overflow Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "def9a96e-e099-41a9-bfac-30fd4f82c411", "shortName": "Supermicro", "dateUpdated": "2025-02-04T08:02:02.414Z"}, "references": [{"url": "https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025"}], "source": {"discovery": "EXTERNAL"}, "title": "fld->used_bytes without sanity check causes stack overflow", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-04T14:25:08.579433Z", "id": "CVE-2024-10239", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T14:25:28.872Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-10239", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-04T14:25:08.579433Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T14:25:15.624Z"}}], "cna": {"title": "fld->used_bytes without sanity check causes stack overflow", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-112", "descriptions": [{"lang": "en", "value": "CAPEC-112: Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SMCI", "product": "MBD-X12DPG-OA6", "versions": [{"status": "affected", "version": "1.04.16", "versionType": "BMC"}], "platforms": ["BMC"], "defaultStatus": "affected"}], "references": [{"url": "https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A security issue in the firmware image verification implementation at Supermicro\u00a0MBD-X12DPG-OA6\u00a0. An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat->fsd.max_fld.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6 . An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat->fsd.max_fld.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "def9a96e-e099-41a9-bfac-30fd4f82c411", "shortName": "Supermicro", "dateUpdated": "2025-02-04T08:02:02.414Z"}}}, "cveMetadata": {"cveId": "CVE-2024-10239", "state": "PUBLISHED", "dateUpdated": "2025-02-04T14:25:28.872Z", "dateReserved": "2024-10-22T03:14:25.875Z", "assignerOrgId": "def9a96e-e099-41a9-bfac-30fd4f82c411", "datePublished": "2025-02-04T08:02:02.414Z", "assignerShortName": "Supermicro"}, "dataVersion": "5.1"}