CVE-2020-15046
23Vexday Risk Score
No sign of exploitation. It has a public proof of concept.
ssvc Attendepss 2.3%
from disclosure to weapon14 days
Published on NVDJun 24
1st PoC+14d
exploitation probability
2.3%top 19% of all CVEs
observed exploitation
nono source reports it
3 public exploit(s)
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/158373/SuperMicro-IPMI-03.40-Cross-Site-Request-Forgery.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48652unverifiedexploitdbwww.exploit-db.com/exploits/48668unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.