CVE-2023-34853

Name: CVE-2023-34853
Creator: NVD / NIST
Published: 2023-08-22T19:16:36.37+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 0.37%

Last modified Jun 17, 2026

CVE-2023-34853 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable.. EPSS estimates a 0.37% chance of exploitation in the next 30 days.

Description

Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.37%

28.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-787

Affected Software

Vendor	Product	Versions
Supermicro	X12dai-N6 Firmware	All versions
Supermicro	X12ddw-A6 Firmware	All versions
Supermicro	X12dgo-6 Firmware	All versions
Supermicro	X12dgq-R Firmware	All versions
Supermicro	X12dgu Firmware	All versions
Supermicro	X12dhm-6 Firmware	All versions
Supermicro	X12dpd-A6m25 Firmware	All versions
Supermicro	X12dpfr-An6 Firmware	All versions
Supermicro	X12dpg-Ar Firmware	All versions
Supermicro	X12dpg-Oa6 Firmware	All versions
Supermicro	X12dpg-Oa6-Gd2 Firmware	All versions
Supermicro	X12dpg-Qbt6 Firmware	All versions
Supermicro	X12dpg-Qr Firmware	All versions
Supermicro	X12dpg-Qt6 Firmware	All versions
Supermicro	X12dpg-U6 Firmware	All versions
Supermicro	X12dpi-N6 Firmware	All versions
Supermicro	X12dpi-Nt6 Firmware	All versions
Supermicro	X12dpl-I6 Firmware	All versions
Supermicro	X12dpl-Nt6 Firmware	All versions
Supermicro	X12dpt-B6 Firmware	All versions
Supermicro	X12dpt-Pt46 Firmware	All versions
Supermicro	X12dpt-Pt6 Firmware	All versions
Supermicro	X12dpu-6 Firmware	All versions
Supermicro	X12dsc-6 Firmware	All versions
Supermicro	X12qch\+ Firmware	All versions
Supermicro	X12sae Firmware	All versions
Supermicro	X12sae-5 Firmware	All versions
Supermicro	X12sca-5f Firmware	All versions
Supermicro	X12sca-F Firmware	All versions
Supermicro	X12scq Firmware	All versions
Supermicro	X12scv-Lvds Firmware	All versions
Supermicro	X12scv-W Firmware	All versions
Supermicro	X12scz-F Firmware	All versions
Supermicro	X12scz-Qf Firmware	All versions
Supermicro	X12scz-Tln4f Firmware	All versions
Supermicro	X12sdv-10c-Sp6f Firmware	All versions
Supermicro	X12sdv-10c-Spt4f Firmware	All versions
Supermicro	X12sdv-14c-Spt8f Firmware	All versions
Supermicro	X12sdv-16c-Spt8f Firmware	All versions
Supermicro	X12sdv-20c-Spt8f Firmware	All versions
Supermicro	X12sdv-4c-Sp6f Firmware	All versions
Supermicro	X12sdv-4c-Spt4f Firmware	All versions
Supermicro	X12sdv-4c-Spt8f Firmware	All versions
Supermicro	X12sdv-8c-Sp6f Firmware	All versions
Supermicro	X12sdv-8c-Spt4f Firmware	All versions
Supermicro	X12sdv-8c-Spt8f Firmware	All versions
Supermicro	X12sdv-8ce-Sp4f Firmware	All versions
Supermicro	X12spa-Tf Firmware	All versions
Supermicro	X12sped-F Firmware	All versions
Supermicro	X12spg-Nf Firmware	All versions

Showing 50 of 271 affected configurations. See NVD for the full list.

References

Timeline

Published: Aug 22, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-34853?

Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable.

How severe is CVE-2023-34853?

CVE-2023-34853 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.37% probability of exploitation in the next 30 days.

How do I fix CVE-2023-34853?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-34853?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST