CVE-2024-10237

High

Published: 04 February 2025

Published

04 February 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0002 4.0th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Description

There is a vulnerability in the BMC firmware image authentication design at Supermicro MBD-X12DPG-OA6 . An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process

Security Summary

CVE-2024-10237, published on 2025-02-04, is a vulnerability in the BMC firmware image authentication design of the Supermicro MBD-X12DPG-OA6 motherboard. It enables an attacker to modify the firmware image to bypass BMC inspection and the signature verification process. The issue maps to CWE-345 and CWE-347, with a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

The vulnerability can be exploited over the network by an attacker with high privileges, such as privileged BMC access, requiring low complexity and no user interaction. Successful exploitation grants high impacts on confidentiality, integrity, and availability, allowing the attacker to install unauthorized firmware modifications and potentially achieve full BMC compromise.

Supermicro has issued a security advisory at https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025 addressing this BMC/IPMI vulnerability.

Details

CWE(s): CWE-345CWE-347

References

https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025
def9a96e-e099-41a9-bfac-30fd4f82c411