The bugs, collectively dubbed USBAnywhere, allow an attacker to obtain credentials for the baseboard management controllers (BMCs) of Supermicro X9-X11 servers. Once obtained, an attacker can then perform a range of USB-based attacks against the server remotely, including data exfiltration, booting from untrusted OS images or direct manipulation of the system via a virtual keyboard and mouse. Researchers at Eclypsium found at least 47,000 systems with their BMCs exposed to the internet.
Source: https://threatpost.com/usbanywhere-bugs-supermicro-remote-attack/147899/