CVE-2013-3608

The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
supermicroh8dcl-6f
-
supermicroh8dcl-if
-
supermicroh8dct-hibqf
-
supermicroh8dct-hln4f
-
supermicroh8dct-ibqf
-
supermicroh8dg6-f
-
supermicroh8dgg-qf
-
supermicroh8dgi-f
-
supermicroh8dgt-hf
-
supermicroh8dgt-hibqf
-
supermicroh8dgt-hlf
-
supermicroh8dgt-hlibqf
-
supermicroh8dgu-f
-
supermicroh8dgu-ln4f\+
-
supermicroh8scm-f
-
supermicroh8sgl-f
-
supermicroh8sme-f
-
supermicroh8sml-7
-
supermicroh8sml-7f
-
supermicroh8sml-i
-
supermicroh8sml-if
-
supermicrox7spa-hf
-
supermicrox7spa-hf-d525
-
supermicrox7spe-h-d525
-
supermicrox7spe-hf
-
supermicrox7spe-hf-d525
-
supermicrox7spt-df-d525
-
supermicrox7spt-df-d525\+
-
supermicrox8dtl-3f
-
supermicrox8dtl-6f
-
supermicrox8dtl-if
-
supermicrox8dtn\+-f
-
supermicrox8dtn\+-f-lr
-
supermicrox8dtu-6f\+
-
supermicrox8dtu-6f\+-lr
-
supermicrox8dtu-6tf\+
-
supermicrox8dtu-6tf\+-lr
-
supermicrox8dtu-ln4f\+
-
supermicrox8dtu-ln4f\+-lr
-
supermicrox8si6-f
-
supermicrox8sia-f
-
supermicrox8sie-f
-
supermicrox8sie-ln4f
-
supermicrox8sil-f
-
supermicrox8sit-f
-
supermicrox8sit-hf
-
supermicrox8siu-f
-
supermicrox9dax-7f
-
supermicrox9dax-7f-hft
-
supermicrox9dax-7tf
-
supermicrox9dax-if
-
supermicrox9dax-if-hft
-
supermicrox9dax-itf
-
supermicrox9db3-f
-
supermicrox9db3-tpf
-
supermicrox9dbi-f
-
supermicrox9dbi-tpf
-
supermicrox9dbl-3f
-
supermicrox9dbl-if
-
supermicrox9dbu-3f
-
supermicrox9dbu-if
-
supermicrox9dr3-f
-
supermicrox9dr3-ln4f\+
-
supermicrox9dr7-ln4f
-
supermicrox9dr7-ln4f-jbod
-
supermicrox9dr7-tf\+
-
supermicrox9drd-7jln4f
-
supermicrox9drd-7ln4f
-
supermicrox9drd-7ln4f-jbod
-
supermicrox9drd-ef
-
supermicrox9drd-if
-
supermicrox9dre-ln4f
-
supermicrox9dre-tf\+
-
supermicrox9drff
-
supermicrox9drff-7
-
supermicrox9drff-7\+
-
supermicrox9drff-7g\+
-
supermicrox9drff-7t\+
-
supermicrox9drff-7tg\+
-
supermicrox9drff-i\+
-
supermicrox9drff-ig\+
-
supermicrox9drff-it\+
-
supermicrox9drff-itg\+
-
supermicrox9drfr
-
supermicrox9drg-hf
-
supermicrox9drg-hf\+
-
supermicrox9drg-htf
-
supermicrox9drg-htf\+
-
supermicrox9drh-7f
-
supermicrox9drh-7tf
-
supermicrox9drh-if
-
supermicrox9drh-itf
-
supermicrox9dri-f
-
supermicrox9dri-ln4f\+
-
supermicrox9drl-3f
-
supermicrox9drl-ef
-
supermicrox9drl-if
-
supermicrox9drt-f
-
supermicrox9drt-h6f
-
supermicrox9drt-h6ibff
-
supermicrox9drt-h6ibqf
-
supermicrox9drt-hf\+
-
supermicrox9drt-ibff
-
supermicrox9drt-ibqf
-
supermicrox9drw-3ln4f\+
-
supermicrox9drw-3tf\+
-
supermicrox9drw-7tpf\+
-
supermicrox9drw-itpf\+
-
supermicrox9drx\+-f
-
supermicrox9qr7-tf
-
supermicrox9qr7-tf\+
-
supermicrox9qr7-tf-jbod
-
supermicrox9qri-f
-
supermicrox9qri-f\+
-
supermicrox9sbaa-f
-
supermicrox9sca-f
-
supermicrox9scd-f
-
supermicrox9sce-f
-
supermicrox9scff-f
-
supermicrox9sci-ln4f
-
supermicrox9scl\+-f
-
supermicrox9scl-f
-
supermicrox9scm-f
-
supermicrox9scm-iif
-
supermicrox9spu-f
-
supermicrox9srd-f
-
supermicrox9sre-3f
-
supermicrox9sre-f
-
supermicrox9srg-f
-
supermicrox9sri-3f
-
supermicrox9sri-f
-
supermicrox9srl-f
-
supermicrox9srw-f
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.kb.cert.org/vuls/id/648646
http://www.securityfocus.com/bid/62097
http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013
https://support.citrix.com/article/CTX216642
https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf
http://www.kb.cert.org/vuls/id/648646
http://www.securityfocus.com/bid/62097
http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013
https://support.citrix.com/article/CTX216642
https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf