A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker can exploit this to elevate privileges from a user with BMC administrative privileges.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.