CVE-2013-3607

EUVD-2013-3541
Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
supermicroh8dcl-6f
-
supermicroh8dcl-if
-
supermicroh8dct-hibqf
-
supermicroh8dct-hln4f
-
supermicroh8dct-ibqf
-
supermicroh8dg6-f
-
supermicroh8dgg-qf
-
supermicroh8dgi-f
-
supermicroh8dgt-hf
-
supermicroh8dgt-hibqf
-
supermicroh8dgt-hlf
-
supermicroh8dgt-hlibqf
-
supermicroh8dgu-f
-
supermicroh8dgu-ln4f\+
-
supermicroh8scm-f
-
supermicroh8sgl-f
-
supermicroh8sme-f
-
supermicroh8sml-7
-
supermicroh8sml-7f
-
supermicroh8sml-i
-
supermicroh8sml-if
-
supermicrox7spa-hf
-
supermicrox7spa-hf-d525
-
supermicrox7spe-h-d525
-
supermicrox7spe-hf
-
supermicrox7spe-hf-d525
-
supermicrox7spt-df-d525
-
supermicrox7spt-df-d525\+
-
supermicrox8dtl-3f
-
supermicrox8dtl-6f
-
supermicrox8dtl-if
-
supermicrox8dtn\+-f
-
supermicrox8dtn\+-f-lr
-
supermicrox8dtu-6f\+
-
supermicrox8dtu-6f\+-lr
-
supermicrox8dtu-6tf\+
-
supermicrox8dtu-6tf\+-lr
-
supermicrox8dtu-ln4f\+
-
supermicrox8dtu-ln4f\+-lr
-
supermicrox8si6-f
-
supermicrox8sia-f
-
supermicrox8sie-f
-
supermicrox8sie-ln4f
-
supermicrox8sil-f
-
supermicrox8sit-f
-
supermicrox8sit-hf
-
supermicrox8siu-f
-
supermicrox9dax-7f
-
supermicrox9dax-7f-hft
-
supermicrox9dax-7tf
-
supermicrox9dax-if
-
supermicrox9dax-if-hft
-
supermicrox9dax-itf
-
supermicrox9db3-f
-
supermicrox9db3-tpf
-
supermicrox9dbi-f
-
supermicrox9dbi-tpf
-
supermicrox9dbl-3f
-
supermicrox9dbl-if
-
supermicrox9dbu-3f
-
supermicrox9dbu-if
-
supermicrox9dr3-f
-
supermicrox9dr3-ln4f\+
-
supermicrox9dr7-ln4f
-
supermicrox9dr7-ln4f-jbod
-
supermicrox9dr7-tf\+
-
supermicrox9drd-7jln4f
-
supermicrox9drd-7ln4f
-
supermicrox9drd-7ln4f-jbod
-
supermicrox9drd-ef
-
supermicrox9drd-if
-
supermicrox9dre-ln4f
-
supermicrox9dre-tf\+
-
supermicrox9drff
-
supermicrox9drff-7
-
supermicrox9drff-7\+
-
supermicrox9drff-7g\+
-
supermicrox9drff-7t\+
-
supermicrox9drff-7tg\+
-
supermicrox9drff-i\+
-
supermicrox9drff-ig\+
-
supermicrox9drff-it\+
-
supermicrox9drff-itg\+
-
supermicrox9drfr
-
supermicrox9drg-hf
-
supermicrox9drg-hf\+
-
supermicrox9drg-htf
-
supermicrox9drg-htf\+
-
supermicrox9drh-7f
-
supermicrox9drh-7tf
-
supermicrox9drh-if
-
supermicrox9drh-itf
-
supermicrox9dri-f
-
supermicrox9dri-ln4f\+
-
supermicrox9drl-3f
-
supermicrox9drl-ef
-
supermicrox9drl-if
-
supermicrox9drt-f
-
supermicrox9drt-h6f
-
supermicrox9drt-h6ibff
-
supermicrox9drt-h6ibqf
-
supermicrox9drt-hf\+
-
supermicrox9drt-ibff
-
supermicrox9drt-ibqf
-
supermicrox9drw-3ln4f\+
-
supermicrox9drw-3tf\+
-
supermicrox9drw-7tpf\+
-
supermicrox9drw-itpf\+
-
supermicrox9drx\+-f
-
supermicrox9qr7-tf
-
supermicrox9qr7-tf\+
-
supermicrox9qr7-tf-jbod
-
supermicrox9qri-f
-
supermicrox9qri-f\+
-
supermicrox9sbaa-f
-
supermicrox9sca-f
-
supermicrox9scd-f
-
supermicrox9sce-f
-
supermicrox9scff-f
-
supermicrox9sci-ln4f
-
supermicrox9scl\+-f
-
supermicrox9scl-f
-
supermicrox9scm-f
-
supermicrox9scm-iif
-
supermicrox9spu-f
-
supermicrox9srd-f
-
supermicrox9sre-3f
-
supermicrox9sre-f
-
supermicrox9srg-f
-
supermicrox9sri-3f
-
supermicrox9sri-f
-
supermicrox9srl-f
-
supermicrox9srw-f
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.kb.cert.org/vuls/id/648646
http://www.securityfocus.com/bid/62094
http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013
https://support.citrix.com/article/CTX216642
https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf
http://www.kb.cert.org/vuls/id/648646
http://www.securityfocus.com/bid/62094
http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013
https://support.citrix.com/article/CTX216642
https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf