CVE-2013-3607

Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
supermicroh8dcl-6f
-
supermicroh8dcl-if
-
supermicroh8dct-hibqf
-
supermicroh8dct-hln4f
-
supermicroh8dct-ibqf
-
supermicroh8dg6-f
-
supermicroh8dgg-qf
-
supermicroh8dgi-f
-
supermicroh8dgt-hf
-
supermicroh8dgt-hibqf
-
supermicroh8dgt-hlf
-
supermicroh8dgt-hlibqf
-
supermicroh8dgu-f
-
supermicroh8dgu-ln4f\+
-
supermicroh8scm-f
-
supermicroh8sgl-f
-
supermicroh8sme-f
-
supermicroh8sml-7
-
supermicroh8sml-7f
-
supermicroh8sml-i
-
supermicroh8sml-if
-
supermicrox7spa-hf
-
supermicrox7spa-hf-d525
-
supermicrox7spe-h-d525
-
supermicrox7spe-hf
-
supermicrox7spe-hf-d525
-
supermicrox7spt-df-d525
-
supermicrox7spt-df-d525\+
-
supermicrox8dtl-3f
-
supermicrox8dtl-6f
-
supermicrox8dtl-if
-
supermicrox8dtn\+-f
-
supermicrox8dtn\+-f-lr
-
supermicrox8dtu-6f\+
-
supermicrox8dtu-6f\+-lr
-
supermicrox8dtu-6tf\+
-
supermicrox8dtu-6tf\+-lr
-
supermicrox8dtu-ln4f\+
-
supermicrox8dtu-ln4f\+-lr
-
supermicrox8si6-f
-
supermicrox8sia-f
-
supermicrox8sie-f
-
supermicrox8sie-ln4f
-
supermicrox8sil-f
-
supermicrox8sit-f
-
supermicrox8sit-hf
-
supermicrox8siu-f
-
supermicrox9dax-7f
-
supermicrox9dax-7f-hft
-
supermicrox9dax-7tf
-
supermicrox9dax-if
-
supermicrox9dax-if-hft
-
supermicrox9dax-itf
-
supermicrox9db3-f
-
supermicrox9db3-tpf
-
supermicrox9dbi-f
-
supermicrox9dbi-tpf
-
supermicrox9dbl-3f
-
supermicrox9dbl-if
-
supermicrox9dbu-3f
-
supermicrox9dbu-if
-
supermicrox9dr3-f
-
supermicrox9dr3-ln4f\+
-
supermicrox9dr7-ln4f
-
supermicrox9dr7-ln4f-jbod
-
supermicrox9dr7-tf\+
-
supermicrox9drd-7jln4f
-
supermicrox9drd-7ln4f
-
supermicrox9drd-7ln4f-jbod
-
supermicrox9drd-ef
-
supermicrox9drd-if
-
supermicrox9dre-ln4f
-
supermicrox9dre-tf\+
-
supermicrox9drff
-
supermicrox9drff-7
-
supermicrox9drff-7\+
-
supermicrox9drff-7g\+
-
supermicrox9drff-7t\+
-
supermicrox9drff-7tg\+
-
supermicrox9drff-i\+
-
supermicrox9drff-ig\+
-
supermicrox9drff-it\+
-
supermicrox9drff-itg\+
-
supermicrox9drfr
-
supermicrox9drg-hf
-
supermicrox9drg-hf\+
-
supermicrox9drg-htf
-
supermicrox9drg-htf\+
-
supermicrox9drh-7f
-
supermicrox9drh-7tf
-
supermicrox9drh-if
-
supermicrox9drh-itf
-
supermicrox9dri-f
-
supermicrox9dri-ln4f\+
-
supermicrox9drl-3f
-
supermicrox9drl-ef
-
supermicrox9drl-if
-
supermicrox9drt-f
-
supermicrox9drt-h6f
-
supermicrox9drt-h6ibff
-
supermicrox9drt-h6ibqf
-
supermicrox9drt-hf\+
-
supermicrox9drt-ibff
-
supermicrox9drt-ibqf
-
supermicrox9drw-3ln4f\+
-
supermicrox9drw-3tf\+
-
supermicrox9drw-7tpf\+
-
supermicrox9drw-itpf\+
-
supermicrox9drx\+-f
-
supermicrox9qr7-tf
-
supermicrox9qr7-tf\+
-
supermicrox9qr7-tf-jbod
-
supermicrox9qri-f
-
supermicrox9qri-f\+
-
supermicrox9sbaa-f
-
supermicrox9sca-f
-
supermicrox9scd-f
-
supermicrox9sce-f
-
supermicrox9scff-f
-
supermicrox9sci-ln4f
-
supermicrox9scl\+-f
-
supermicrox9scl-f
-
supermicrox9scm-f
-
supermicrox9scm-iif
-
supermicrox9spu-f
-
supermicrox9srd-f
-
supermicrox9sre-3f
-
supermicrox9sre-f
-
supermicrox9srg-f
-
supermicrox9sri-3f
-
supermicrox9sri-f
-
supermicrox9srl-f
-
supermicrox9srw-f
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.kb.cert.org/vuls/id/648646
http://www.securityfocus.com/bid/62094
http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013
https://support.citrix.com/article/CTX216642
https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf
http://www.kb.cert.org/vuls/id/648646
http://www.securityfocus.com/bid/62094
http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013
https://support.citrix.com/article/CTX216642
https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf