{"vulnerability": "cve-2023-4028", "sightings": [{"uuid": "303002c5-d216-4ece-a66f-cd85440c92e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40289", "type": "published-proof-of-concept", "source": "Telegram/D5QPZ9WrgqkEioy1cmTYsg8EQzVbRgvjy-VGvcVDsQxewEI", "content": "", "creation_timestamp": "2025-09-30T21:00:04.000000Z"}, {"uuid": "98c1ba77-8aba-4e5e-9ee5-5f45def9986b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40289", "type": "published-proof-of-concept", "source": "Telegram/FCv5Reostm8rtH-HSRgck4tEjAMnMY27rDYTCURpPWjExXg", "content": "", "creation_timestamp": "2025-09-30T03:00:06.000000Z"}, {"uuid": "7cf6866e-848a-473c-9e3c-1815e089f336", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40284", "type": "seen", "source": "https://t.me/KomunitiSiber/895", "content": "Supermicro's BMC Firmware Found Vulnerable to Multiple Critical Vulnerabilities\nhttps://thehackernews.com/2023/10/supermicros-bmc-firmware-found.html\n\nMultiple security vulnerabilities have been disclosed in the Intelligent Platform Management Interface (IPMI) firmware for Supermicro baseboard management controllers (BMCs) that could result in privilege escalation and execution of malicious code on affected systems.\nThe seven flaws, tracked from CVE-2023-40284 through CVE-2023-40290, vary in severity from High to Critical, according to Binarly", "creation_timestamp": "2023-10-06T09:18:47.000000Z"}, {"uuid": "db4fceee-718f-47d4-a92f-4ae51952869d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40284", "type": "seen", "source": "Telegram/1ijNbUbO8yc9BpkvNnkSlSSRpt94dd66KRvmrGADFgP41g", "content": "", "creation_timestamp": "2023-10-06T09:19:18.000000Z"}, {"uuid": "1d10c8fe-2b07-4fe8-b2a1-d147d89a28f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40284", "type": "seen", "source": "https://t.me/thehackernews/3973", "content": "\ud83d\udea8 Multiple security flaws in Supermicro's BMC firmware pose severe risks. Know the risks from CVE-2023-40284 to CVE-2023-40290, allowing unauthenticated attackers to gain root access. \n \nRead: https://thehackernews.com/2023/10/supermicros-bmc-firmware-found.html \n \nIs your system one of the 70,000 exposed?", "creation_timestamp": "2023-10-06T08:11:16.000000Z"}, {"uuid": "c54969a0-aed2-4a55-9a0f-17e2aa2fc920", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40289", "type": "seen", "source": "", "content": "", "creation_timestamp": "2024-10-18T12:34:41.203979Z"}, {"uuid": "f71960fd-c9c7-4595-aab5-1aff0a057036", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40289", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m2ahapxtqd2q", "content": "", "creation_timestamp": "2025-10-02T21:02:29.351862Z"}, {"uuid": "05f8cf8f-34b7-45f6-b7e9-6f148dfc24b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40289", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/92582bf5-d92c-47fe-b891-656d271bbfef", "content": "", "creation_timestamp": "2024-10-14T15:50:35.983245Z"}, {"uuid": "1b05d4e0-320b-4cf4-946d-77a2f0c74e77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40289", "type": "seen", "source": "https://t.me/true_secator/4933", "content": "\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b Binarly \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u0441\u0435\u043c\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0441\u0442\u0430\u0440\u044b\u0445 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430\u0445 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u043e\u0439 BMC \u043e\u0442 Supermicro, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c root-\u0434\u043e\u0441\u0442\u0443\u043f. \n\n\u0412\u0441\u0435 \u0441\u0435\u043c\u044c \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0432 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0435 IPMI (Intelligent Platform Management Interface) \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u043c\u0430\u0442\u0435\u0440\u0438\u043d\u0441\u043a\u0438\u0435 \u043f\u043b\u0430\u0442\u044b X11, H11, B11, CMM, M11 \u0438 H12.\n\n\u041e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u0431\u0430\u0433, CVE-2023-40289, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 BMC. \u041e\u0434\u043d\u0430\u043a\u043e \u0434\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0442\u0440\u0435\u0431\u0443\u044e\u0442\u0441\u044f \u043f\u0440\u0430\u0432\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0432 \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0448\u0435\u0441\u0442\u044c \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0445 \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c XSS-\u0430\u0442\u0430\u043a\u0438.\n\n\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b Binarly, \u0441\u0447\u0438\u0442\u0430\u044e\u0442 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 \u0438 \u043f\u0440\u0438\u0441\u0432\u043e\u0438\u043b\u0438 \u0438\u043c \u043e\u0446\u0435\u043d\u043a\u0443 \u0432\u043f\u043b\u043e\u0442\u044c \u0434\u043e CVSS 9.6. \u041f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0437\u043d\u0430\u0435\u0442 IP-\u0430\u0434\u0440\u0435\u0441 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 BMC \u0438 \u0430\u0434\u0440\u0435\u0441 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u043d \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0434\u043b\u044f \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u043e\u0433\u043e \u043f\u0438\u0441\u044c\u043c\u0430. \n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 Binarly \u0431\u044b\u043b\u043e \u0441\u043e\u0441\u0440\u0435\u0434\u043e\u0442\u043e\u0447\u0435\u043d\u043e \u043d\u0430 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0435, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043e\u043d \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c \u0438 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u044b\u043c \u0432\u0435\u043a\u0442\u043e\u0440\u043e\u043c \u0430\u0442\u0430\u043a\u0438. \n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0431\u043e\u043b\u0435\u0435 70 000 \u0441\u043b\u0443\u0447\u0430\u0435\u0432, \u043a\u043e\u0433\u0434\u0430 \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u044b IPMI Supermicro \u0431\u044b\u043b\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0432 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0435.\n\n\u041f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u043e, \u0447\u0442\u043e \u0432\u0441\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 Binarly \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043a\u0430\u0441\u0430\u044e\u0442\u0441\u044f \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438 IPMI, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0434\u043b\u044f Supermicro \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0439 \u043f\u043e\u0434\u0440\u044f\u0434\u0447\u0438\u043a ATEN.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f ATEN \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 CVE-2023-40289 \u0448\u0435\u0441\u0442\u044c \u043c\u0435\u0441\u044f\u0446\u0435\u0432 \u043d\u0430\u0437\u0430\u0434, \u043d\u043e \u0432 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0443 \u044d\u0442\u043e\u0442 \u043f\u0430\u0442\u0447 \u043d\u0435 \u0432\u043a\u043b\u044e\u0447\u0451\u043d \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440.\n\n\u041d\u0430\u043a\u043e\u043d\u0435\u0446, Supermicro \u043f\u0440\u0438\u0441\u0432\u043e\u0438\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0440\u0435\u0439\u0442\u0438\u043d\u0433\u0438 \u043e\u0442 7,2 \u0434\u043e 8,3 \u0438\u0437 10, \u0442\u043e\u0433\u0434\u0430 \u043a\u0430\u043a Binarly \u043e\u0446\u0435\u043d\u0438\u043b\u0430 \u0438\u0445 \u043e\u0442 8,3 \u0434\u043e 9,6 \u0438\u0437 10.", "creation_timestamp": "2023-10-05T19:00:59.000000Z"}, {"uuid": "012c488c-2654-4c9c-a763-a483a9068c70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40280", "type": "seen", "source": "https://t.me/ctinow/211108", "content": "https://ift.tt/jHpOW0f\nCVE-2023-40280", "creation_timestamp": "2024-03-19T02:26:25.000000Z"}, {"uuid": "7ce3036a-c839-45d8-9b79-aa9571681d63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40280", "type": "seen", "source": "https://t.me/ctinow/211114", "content": "https://ift.tt/jHpOW0f\nCVE-2023-40280", "creation_timestamp": "2024-03-19T02:26:31.000000Z"}, {"uuid": "b5b5a8bb-c926-40da-8a20-894ec2cd3771", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-4028", "type": "seen", "source": "https://t.me/cibsecurity/68772", "content": "\u203c CVE-2023-4028 \u203c\n\nA buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-17T20:37:35.000000Z"}, {"uuid": "577fb9d5-431f-496c-b536-b9f7d81ed549", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40281", "type": "seen", "source": "https://t.me/cibsecurity/68727", "content": "\u203c CVE-2023-40281 \u203c\n\nEC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in \"mail/template\" and \"products/product\" of Management page.If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using the product.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-17T12:37:13.000000Z"}, {"uuid": "d3f66291-ee41-4436-9ada-cb2ee9a49cbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40283", "type": "seen", "source": "https://t.me/cibsecurity/68419", "content": "\u203c CVE-2023-40283 \u203c\n\nAn issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-14T07:19:11.000000Z"}]}