CVE-2018-13787

Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
VendorProductVersion
supermicrox11ssz_firmware
-
supermicrox11ssv_firmware
-
supermicrox11ssql_firmware
-
supermicrox11ssq_firmware
-
supermicrox11ssn_firmware
-
supermicrox11srm_firmware
-
supermicrox11sra_firmware
-
supermicrox11sba_firmware
-
supermicrox11sat_firmware
-
supermicrox11sae_m_firmware
-
supermicrox11sae_firmware
-
supermicrox10srw_firmware
-
supermicrox10srm_firmware
-
supermicrox10srl_firmware
-
supermicrox10sri_firmware
-
supermicrox10srh_firmware
-
supermicrox10srg_firmware
-
supermicrox10srd_firmware
-
supermicrox10sra_firmware
-
supermicrox10sdvt_firmware
-
supermicrox10sdvf_firmware
-
supermicrox10sde_firmware
-
supermicrox10sddf_firmware
-
supermicrox10sba_firmware
-
supermicrox10qrh_firmware
-
supermicrox10dsn_firmware
-
supermicrox10dscp_firmware
-
supermicrox10dsc_firmware
-
supermicrox10drx_firmware
-
supermicrox10drwn_firmware
-
supermicrox10drw_firmware
-
supermicrox10drux_firmware
-
supermicrox10drul_firmware
-
supermicrox10dru_firmware
-
supermicrox10drts_firmware
-
supermicrox10drtps_firmware
-
supermicrox10drtl_firmware
-
supermicrox10drth_firmware
-
supermicrox10drtb_firmware
-
supermicrox10drt_firmware
-
supermicrox10drs_firmware
-
supermicrox10drln_firmware
-
supermicrox10drlc_firmware
-
supermicrox10drl_firmware
-
supermicrox10dri1_firmware
-
supermicrox10drh4_firmware
-
supermicrox10drh_firmware
-
supermicrox10drgo_firmware
-
supermicrox10drgh_firmware
-
supermicrox10drg_firmware
-
supermicrox10drfr_firmware
-
supermicrox10drfg_firmware
-
supermicrox10drff_firmware
-
supermicrox10drdl_firmware
-
supermicrox10drd_firmware
-
supermicrox10drc_firmware
-
supermicrox10dgo_firmware
-
supermicrox10ddwn_firmware
-
supermicrox10ddwi_firmware
-
supermicrox10ddw4_firmware
-
supermicrox10ddw3_firmware
-
supermicrox10dax_firmware
-
supermicrox10dali_firmware
-
supermicrox10dal_firmware
-
supermicrox10dai_firmware
-
supermicrob10drt_firmware
-
supermicrob10dri_firmware
-
supermicrob10drg_firmware
-
supermicrox9sae_firmware
-
supermicrox9drth_firmware
-
supermicrox9drgqf_firmware
-
supermicrox9drffp_firmware
-
supermicrox9drf_firmware
-
supermicrox9dbl_firmware
-
supermicrox8siu_firmware
-
supermicrox8sit_firmware
-
supermicrox8sil_firmware
-
supermicrox8sie_firmware
-
supermicrox8sia_firmware
-
supermicrok1spi_firmware
-
supermicrok1spes_firmware
-
supermicroc9x299_firmware
-
supermicroc7z97oc_firmware
-
supermicroc7z97mf_firmware
-
supermicroc7z87oc_firmware
-
supermicroc7z370l_firmware
-
supermicroc7z370i_firmware
-
supermicroc7z270p_firmware
-
supermicroc7z270m_firmware
-
supermicroc7z270l_firmware
-
supermicroc7z270cg_firmware
-
supermicroc7z270c_firmware
-
supermicroc7z170oce_firmware
-
supermicroc7z170o_firmware
-
supermicroc7z170_firmware
-
supermicroc7x99oc_firmware
-
supermicroc7q270_firmware
-
supermicroc7h270_firmware
-
supermicroc7b250_firmware
-
supermicrob1sd2tf_firmware
-
supermicrob1sa4_firmware
-
supermicrob1dri_firmware
-
supermicroa2sav_firmware
-
supermicroa2sap_firmware
-
supermicroa2san_firmware
-
supermicroa1srm_firmware
-
supermicroa1sam_firmware
-
supermicroa1sai1_firmware
-
supermicroa1sai_firmware
-
supermicroa1sa_firmware
-
𝑥
= Vulnerable software versions
References
https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/
https://www.bleepingcomputer.com/news/security/firmware-vulnerabilities-disclosed-in-supermicro-server-products/
https://www.supermicro.com/support/security_Intel-SA-00088.cfm?pg=X10#tab
https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/
https://www.bleepingcomputer.com/news/security/firmware-vulnerabilities-disclosed-in-supermicro-server-products/
https://www.supermicro.com/support/security_Intel-SA-00088.cfm?pg=X10#tab