CVSS 3.1 Score 9.8 of 10 (high)


Published: Jul 31, 2023
Updated: Aug 7, 2023


CVE-2023-35861 is a shell-injection vulnerability that affects Supermicro motherboards, specifically the H12DST-B version before 03.10.35. It allows remote attackers to execute arbitrary commands as root on the BMC through email notifications. The risk score for this vulnerability is 66, with a base severity of CRITICAL and a base score of 9.8 according to NVD. The exploitability score is 3.9, indicating a moderate level of difficulty for attackers to exploit this vulnerability. The impact is significant, with high confidentiality, integrity, and availability impacts. It falls under the CWE-78 (Improper Neutralization of Special Elements used in an OS Command) category.
