CVE-2013-3607

Exploit

EPSS 14.3%
Published 08.09.2013 03:17:39
Last modified 11.04.2025 00:51:21
Source cret@cert.org
Teams watchlist Login
Open Login

Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Supermicro ≫ H8dcl-6f Version-

Supermicro ≫ H8dcl-if Version-

Supermicro ≫ H8dct-hibqf Version-

Supermicro ≫ H8dct-hln4f Version-

Supermicro ≫ H8dct-ibqf Version-

Supermicro ≫ H8dg6-f Version-

Supermicro ≫ H8dgg-qf Version-

Supermicro ≫ H8dgi-f Version-

Supermicro ≫ H8dgt-hf Version-

Supermicro ≫ H8dgt-hibqf Version-

Supermicro ≫ H8dgt-hlf Version-

Supermicro ≫ H8dgt-hlibqf Version-

Supermicro ≫ H8dgu-f Version-

Supermicro ≫ H8scm-f Version-

Supermicro ≫ H8sgl-f Version-

Supermicro ≫ H8sme-f Version-

Supermicro ≫ H8sml-7 Version-

Supermicro ≫ H8sml-7f Version-

Supermicro ≫ H8sml-i Version-

Supermicro ≫ H8sml-if Version-

Supermicro ≫ X7spa-hf Version-

Supermicro ≫ X7spa-hf-d525 Version-

Supermicro ≫ X7spe-h-d525 Version-

Supermicro ≫ X7spe-hf Version-

Supermicro ≫ X7spe-hf-d525 Version-

Supermicro ≫ X7spt-df-d525 Version-

Supermicro ≫ X8dtl-3f Version-

Supermicro ≫ X8dtl-6f Version-

Supermicro ≫ X8dtl-if Version-

Supermicro ≫ X8si6-f Version-

Supermicro ≫ X8sia-f Version-

Supermicro ≫ X8sie-f Version-

Supermicro ≫ X8sie-ln4f Version-

Supermicro ≫ X8sil-f Version-

Supermicro ≫ X8sit-f Version-

Supermicro ≫ X8sit-hf Version-

Supermicro ≫ X8siu-f Version-

Supermicro ≫ X9dax-7f Version-

Supermicro ≫ X9dax-7f-hft Version-

Supermicro ≫ X9dax-7tf Version-

Supermicro ≫ X9dax-if Version-

Supermicro ≫ X9dax-if-hft Version-

Supermicro ≫ X9dax-itf Version-

Supermicro ≫ X9db3-f Version-

Supermicro ≫ X9db3-tpf Version-

Supermicro ≫ X9dbi-f Version-

Supermicro ≫ X9dbi-tpf Version-

Supermicro ≫ X9dbl-3f Version-

Supermicro ≫ X9dbl-if Version-

Supermicro ≫ X9dbu-3f Version-

Supermicro ≫ X9dbu-if Version-

Supermicro ≫ X9dr3-f Version-

Supermicro ≫ X9dr7-ln4f Version-

Supermicro ≫ X9dr7-ln4f-jbod Version-

Supermicro ≫ X9drd-7jln4f Version-

Supermicro ≫ X9drd-7ln4f Version-

Supermicro ≫ X9drd-7ln4f-jbod Version-

Supermicro ≫ X9drd-ef Version-

Supermicro ≫ X9drd-if Version-

Supermicro ≫ X9dre-ln4f Version-

Supermicro ≫ X9drff Version-

Supermicro ≫ X9drff-7 Version-

Supermicro ≫ X9drfr Version-

Supermicro ≫ X9drg-hf Version-

Supermicro ≫ X9drg-htf Version-

Supermicro ≫ X9drh-7f Version-

Supermicro ≫ X9drh-7tf Version-

Supermicro ≫ X9drh-if Version-

Supermicro ≫ X9drh-itf Version-

Supermicro ≫ X9dri-f Version-

Supermicro ≫ X9drl-3f Version-

Supermicro ≫ X9drl-ef Version-

Supermicro ≫ X9drl-if Version-

Supermicro ≫ X9drt-f Version-

Supermicro ≫ X9drt-h6f Version-

Supermicro ≫ X9drt-h6ibff Version-

Supermicro ≫ X9drt-h6ibqf Version-

Supermicro ≫ X9drt-ibff Version-

Supermicro ≫ X9drt-ibqf Version-

Supermicro ≫ X9qr7-tf Version-

Supermicro ≫ X9qr7-tf-jbod Version-

Supermicro ≫ X9qri-f Version-

Supermicro ≫ X9sbaa-f Version-

Supermicro ≫ X9sca-f Version-

Supermicro ≫ X9scd-f Version-

Supermicro ≫ X9sce-f Version-

Supermicro ≫ X9scff-f Version-

Supermicro ≫ X9sci-ln4f Version-

Supermicro ≫ X9scl-f Version-

Supermicro ≫ X9scm-f Version-

Supermicro ≫ X9scm-iif Version-

Supermicro ≫ X9spu-f Version-

Supermicro ≫ X9srd-f Version-

Supermicro ≫ X9sre-3f Version-

Supermicro ≫ X9sre-f Version-

Supermicro ≫ X9srg-f Version-

Supermicro ≫ X9sri-3f Version-

Supermicro ≫ X9sri-f Version-

Supermicro ≫ X9srl-f Version-

Supermicro ≫ X9srw-f Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	14.3%	0.938

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.kb.cert.org/vuls/id/648646

US Government Resource

http://www.securityfocus.com/bid/62094

http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf

http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013

https://support.citrix.com/article/CTX216642

https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2013-3607

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-3607

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-3607

EUVD