Vulnerability Details CVE-2013-3607
Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.143
EPSS Ranking 94.1%
CVSS Severity
CVSS v2 Score 10.0
References
- http://www.kb.cert.org/vuls/id/648646
- http://www.securityfocus.com/bid/62094
- http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
- http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013
- https://support.citrix.com/article/CTX216642
- https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf
- http://www.kb.cert.org/vuls/id/648646
- http://www.securityfocus.com/bid/62094
- http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
- http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013
- https://support.citrix.com/article/CTX216642
- https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf
Products affected by CVE-2013-3607
-
cpe:2.3:h:supermicro:h8dcl-6f:-
-
cpe:2.3:h:supermicro:h8dcl-if:-
-
cpe:2.3:h:supermicro:h8dct-hibqf:-
-
cpe:2.3:h:supermicro:h8dct-hln4f:-
-
cpe:2.3:h:supermicro:h8dct-ibqf:-
-
cpe:2.3:h:supermicro:h8dg6-f:-
-
cpe:2.3:h:supermicro:h8dgg-qf:-
-
cpe:2.3:h:supermicro:h8dgi-f:-
-
cpe:2.3:h:supermicro:h8dgt-hf:-
-
cpe:2.3:h:supermicro:h8dgt-hibqf:-
-
cpe:2.3:h:supermicro:h8dgt-hlf:-
-
cpe:2.3:h:supermicro:h8dgt-hlibqf:-
-
cpe:2.3:h:supermicro:h8dgu-f:-
-
cpe:2.3:h:supermicro:h8dgu-ln4f+:-
-
cpe:2.3:h:supermicro:h8scm-f:-
-
cpe:2.3:h:supermicro:h8sgl-f:-
-
cpe:2.3:h:supermicro:h8sme-f:-
-
cpe:2.3:h:supermicro:h8sml-7:-
-
cpe:2.3:h:supermicro:h8sml-7f:-
-
cpe:2.3:h:supermicro:h8sml-i:-
-
cpe:2.3:h:supermicro:h8sml-if:-
-
cpe:2.3:h:supermicro:x7spa-hf-d525:-
-
cpe:2.3:h:supermicro:x7spa-hf:-
-
cpe:2.3:h:supermicro:x7spe-h-d525:-
-
cpe:2.3:h:supermicro:x7spe-hf-d525:-
-
cpe:2.3:h:supermicro:x7spe-hf:-
-
cpe:2.3:h:supermicro:x7spt-df-d525+:-
-
cpe:2.3:h:supermicro:x7spt-df-d525:-
-
cpe:2.3:h:supermicro:x8dtl-3f:-
-
cpe:2.3:h:supermicro:x8dtl-6f:-
-
cpe:2.3:h:supermicro:x8dtl-if:-
-
cpe:2.3:h:supermicro:x8dtn+-f-lr:-
-
cpe:2.3:h:supermicro:x8dtn+-f:-
-
cpe:2.3:h:supermicro:x8dtu-6f+-lr:-
-
cpe:2.3:h:supermicro:x8dtu-6f+:-
-
cpe:2.3:h:supermicro:x8dtu-6tf+-lr:-
-
cpe:2.3:h:supermicro:x8dtu-6tf+:-
-
cpe:2.3:h:supermicro:x8dtu-ln4f+-lr:-
-
cpe:2.3:h:supermicro:x8dtu-ln4f+:-
-
cpe:2.3:h:supermicro:x8si6-f:-
-
cpe:2.3:h:supermicro:x8sia-f:-
-
cpe:2.3:h:supermicro:x8sie-f:-
-
cpe:2.3:h:supermicro:x8sie-ln4f:-
-
cpe:2.3:h:supermicro:x8sil-f:-
-
cpe:2.3:h:supermicro:x8sit-f:-
-
cpe:2.3:h:supermicro:x8sit-hf:-
-
cpe:2.3:h:supermicro:x8siu-f:-
-
cpe:2.3:h:supermicro:x9dax-7f-hft:-
-
cpe:2.3:h:supermicro:x9dax-7f:-
-
cpe:2.3:h:supermicro:x9dax-7tf:-
-
cpe:2.3:h:supermicro:x9dax-if-hft:-
-
cpe:2.3:h:supermicro:x9dax-if:-
-
cpe:2.3:h:supermicro:x9dax-itf:-
-
cpe:2.3:h:supermicro:x9db3-f:-
-
cpe:2.3:h:supermicro:x9db3-tpf:-
-
cpe:2.3:h:supermicro:x9dbi-f:-
-
cpe:2.3:h:supermicro:x9dbi-tpf:-
-
cpe:2.3:h:supermicro:x9dbl-3f:-
-
cpe:2.3:h:supermicro:x9dbl-if:-
-
cpe:2.3:h:supermicro:x9dbu-3f:-
-
cpe:2.3:h:supermicro:x9dbu-if:-
-
cpe:2.3:h:supermicro:x9dr3-f:-
-
cpe:2.3:h:supermicro:x9dr3-ln4f+:-
-
cpe:2.3:h:supermicro:x9dr7-ln4f-jbod:-
-
cpe:2.3:h:supermicro:x9dr7-ln4f:-
-
cpe:2.3:h:supermicro:x9dr7-tf+:-
-
cpe:2.3:h:supermicro:x9drd-7jln4f:-
-
cpe:2.3:h:supermicro:x9drd-7ln4f-jbod:-
-
cpe:2.3:h:supermicro:x9drd-7ln4f:-
-
cpe:2.3:h:supermicro:x9drd-ef:-
-
cpe:2.3:h:supermicro:x9drd-if:-
-
cpe:2.3:h:supermicro:x9dre-ln4f:-
-
cpe:2.3:h:supermicro:x9dre-tf+:-
-
cpe:2.3:h:supermicro:x9drff-7+:-
-
cpe:2.3:h:supermicro:x9drff-7:-
-
cpe:2.3:h:supermicro:x9drff-7g+:-
-
cpe:2.3:h:supermicro:x9drff-7t+:-
-
cpe:2.3:h:supermicro:x9drff-7tg+:-
-
cpe:2.3:h:supermicro:x9drff-i+:-
-
cpe:2.3:h:supermicro:x9drff-ig+:-
-
cpe:2.3:h:supermicro:x9drff-it+:-
-
cpe:2.3:h:supermicro:x9drff-itg+:-
-
cpe:2.3:h:supermicro:x9drff:-
-
cpe:2.3:h:supermicro:x9drfr:-
-
cpe:2.3:h:supermicro:x9drg-hf+:-
-
cpe:2.3:h:supermicro:x9drg-hf:-
-
cpe:2.3:h:supermicro:x9drg-htf+:-
-
cpe:2.3:h:supermicro:x9drg-htf:-
-
cpe:2.3:h:supermicro:x9drh-7f:-
-
cpe:2.3:h:supermicro:x9drh-7tf:-
-
cpe:2.3:h:supermicro:x9drh-if:-
-
cpe:2.3:h:supermicro:x9drh-itf:-
-
cpe:2.3:h:supermicro:x9dri-f:-
-
cpe:2.3:h:supermicro:x9dri-ln4f+:-
-
cpe:2.3:h:supermicro:x9drl-3f:-
-
cpe:2.3:h:supermicro:x9drl-ef:-
-
cpe:2.3:h:supermicro:x9drl-if:-
-
cpe:2.3:h:supermicro:x9drt-f:-
-
cpe:2.3:h:supermicro:x9drt-h6f:-
-
cpe:2.3:h:supermicro:x9drt-h6ibff:-
-
cpe:2.3:h:supermicro:x9drt-h6ibqf:-
-
cpe:2.3:h:supermicro:x9drt-hf+:-
-
cpe:2.3:h:supermicro:x9drt-ibff:-
-
cpe:2.3:h:supermicro:x9drt-ibqf:-
-
cpe:2.3:h:supermicro:x9drw-3ln4f+:-
-
cpe:2.3:h:supermicro:x9drw-3tf+:-
-
cpe:2.3:h:supermicro:x9drw-7tpf+:-
-
cpe:2.3:h:supermicro:x9drw-itpf+:-
-
cpe:2.3:h:supermicro:x9drx+-f:-
-
cpe:2.3:h:supermicro:x9qr7-tf+:-
-
cpe:2.3:h:supermicro:x9qr7-tf-jbod:-
-
cpe:2.3:h:supermicro:x9qr7-tf:-
-
cpe:2.3:h:supermicro:x9qri-f+:-
-
cpe:2.3:h:supermicro:x9qri-f:-
-
cpe:2.3:h:supermicro:x9sbaa-f:-
-
cpe:2.3:h:supermicro:x9sca-f:-
-
cpe:2.3:h:supermicro:x9scd-f:-
-
cpe:2.3:h:supermicro:x9sce-f:-
-
cpe:2.3:h:supermicro:x9scff-f:-
-
cpe:2.3:h:supermicro:x9sci-ln4f:-
-
cpe:2.3:h:supermicro:x9scl+-f:-
-
cpe:2.3:h:supermicro:x9scl-f:-
-
cpe:2.3:h:supermicro:x9scm-f:-
-
cpe:2.3:h:supermicro:x9scm-iif:-
-
cpe:2.3:h:supermicro:x9spu-f:-
-
cpe:2.3:h:supermicro:x9srd-f:-
-
cpe:2.3:h:supermicro:x9sre-3f:-
-
cpe:2.3:h:supermicro:x9sre-f:-
-
cpe:2.3:h:supermicro:x9srg-f:-
-
cpe:2.3:h:supermicro:x9sri-3f:-
-
cpe:2.3:h:supermicro:x9sri-f:-
-
cpe:2.3:h:supermicro:x9srl-f:-
-
cpe:2.3:h:supermicro:x9srw-f:-