Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2024-10237

CVE-2024-10237: Supermicro BMC Auth Bypass Vulnerability

CVE-2024-10237 is an authentication bypass flaw in Supermicro MBD-X12DPG-OA6 BMC firmware that allows attackers to modify firmware and bypass signature verification. This article covers technical details, impact, and mitigation.

Published:

CVE-2024-10237 Overview

CVE-2024-10237 is a firmware authentication design flaw in the Baseboard Management Controller (BMC) of the Supermicro MBD-X12DPG-OA6 motherboard. The vulnerability stems from improper verification of cryptographic signatures [CWE-345] in the BMC firmware image validation routine. An attacker with high privileges can modify the firmware to bypass BMC inspection and defeat the signature verification process. Successful exploitation allows persistent, low-level implantation of malicious firmware on affected systems. The issue affects confidentiality, integrity, and availability of the host platform.

Critical Impact

Attackers can plant unsigned or modified BMC firmware that survives operating system reinstalls, granting persistent out-of-band control of the server platform.

Affected Products

  • Supermicro MBD-X12DPG-OA6 motherboard BMC firmware
  • Supermicro BMC/IPMI firmware images subject to the January 2025 advisory
  • Server platforms integrating the affected BMC firmware

Discovery Timeline

  • 2025-02-04 - CVE-2024-10237 published to the National Vulnerability Database
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2024-10237

Vulnerability Analysis

The BMC on the Supermicro MBD-X12DPG-OA6 performs authentication of firmware images before applying updates. The verification design contains a flaw that lets an attacker craft a modified firmware image which passes the integrity check. Because the BMC operates independently of the host operating system, malicious firmware provides an attacker with out-of-band access to the server. Attackers can leverage this position to monitor traffic, redirect the boot chain, or persist across host reinstallation.

The weakness maps to [CWE-345] Insufficient Verification of Data Authenticity. The BMC treats a manipulated firmware payload as if it originated from Supermicro, defeating the trust anchor for platform firmware updates.

Root Cause

The root cause is a design defect in the BMC firmware image authentication routine. Signature verification does not fully cover all regions of the firmware image, or performs the check in a way that can be bypassed by restructuring the image. This lets attackers substitute malicious content while retaining a valid signature reference elsewhere in the file.

Attack Vector

Exploitation requires authenticated access with high privileges to invoke firmware update functionality on the BMC. The attack vector is network-based because BMC management interfaces (IPMI, Redfish, and the web UI) are typically exposed over dedicated management networks. Once inside the update flow, the attacker supplies the manipulated image and the BMC accepts it as authentic.

No verified public proof-of-concept code is available. Refer to the Supermicro Security Advisory for vendor technical details.

Detection Methods for CVE-2024-10237

Indicators of Compromise

  • Unexpected BMC firmware version strings or build hashes reported through IPMI mc info or Redfish /redfish/v1/UpdateService/FirmwareInventory
  • BMC firmware update events originating from unusual source IP addresses or accounts outside of change windows
  • New or altered BMC user accounts, SSH keys, or SOL (Serial-over-LAN) sessions following a firmware update
  • Unexpected outbound network connections from BMC management IP ranges

Detection Strategies

  • Compare deployed BMC firmware image hashes against vendor-published reference hashes on every managed server
  • Alert on any BMC firmware update event ingested from IPMI, Redfish, or vendor management tooling
  • Baseline BMC configuration (users, network settings, services) and detect drift on a scheduled interval
  • Correlate BMC administrative logins with authorized change tickets to surface unauthorized firmware operations

Monitoring Recommendations

  • Forward BMC audit logs, IPMI event logs, and Redfish LogService entries to a central SIEM for retention and analysis
  • Monitor management network segments for anomalous traffic patterns and lateral movement toward BMC interfaces
  • Track privileged account usage on BMC controllers, including service accounts used by orchestration platforms
  • Schedule periodic attestation of BMC firmware measurements where TPM-backed platform attestation is available

How to Mitigate CVE-2024-10237

Immediate Actions Required

  • Apply the Supermicro BMC firmware update referenced in the January 2025 security advisory to all affected MBD-X12DPG-OA6 systems
  • Restrict BMC management interfaces to isolated, non-routable management VLANs and block access from user networks
  • Rotate BMC administrative credentials and remove unused local accounts on the controller
  • Audit recent BMC firmware update events and validate installed image hashes against vendor references

Patch Information

Supermicro published fixed BMC firmware for affected platforms in its January 2025 advisory. Administrators should download the corrected image directly from Supermicro and verify it against the vendor-provided checksum before flashing. Refer to the Supermicro Security Advisory for the current firmware versions and installation guidance.

Workarounds

  • Disable remote firmware update capability on the BMC where operationally acceptable until patching is complete
  • Enforce network access control lists that limit BMC access to a small set of jump hosts used by platform administrators
  • Require multi-factor authentication on any bastion host used to reach BMC management interfaces
  • Physically air-gap or disconnect BMC management ports on systems that cannot be patched in the short term

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.