Baseboard Management Controller (BMC) Security Vulnerabilities regarding systems using the ASPEED AST2400 and AST2500 system-on-chips (SoCs) (CVE-2019-6260)
Supermicro is aware of the recent vulnerability CVE-2019-6260 that was discovered in the Baseband Management Controller (BMC) firmware stack. According to the National Vulnerability Database, the ASPEED AST2400 and AST2500 BMC hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host.
Supermicro is working with the vendor ASPEED on its fixes for this issue. We will post further information regarding impacted products and scheduled availability for any fixes as information becomes available.