CVE-2013-3609

Exploit

EPSS 3.05%
Published 08.09.2013 03:17:39
Last modified 11.04.2025 00:51:21
Source cret@cert.org
Teams watchlist Login
Open Login

The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Supermicro ≫ H8dcl-6f Version-

Supermicro ≫ H8dcl-if Version-

Supermicro ≫ H8dct-hibqf Version-

Supermicro ≫ H8dct-hln4f Version-

Supermicro ≫ H8dct-ibqf Version-

Supermicro ≫ H8dg6-f Version-

Supermicro ≫ H8dgg-qf Version-

Supermicro ≫ H8dgi-f Version-

Supermicro ≫ H8dgt-hf Version-

Supermicro ≫ H8dgt-hibqf Version-

Supermicro ≫ H8dgt-hlf Version-

Supermicro ≫ H8dgt-hlibqf Version-

Supermicro ≫ H8dgu-f Version-

Supermicro ≫ H8scm-f Version-

Supermicro ≫ H8sgl-f Version-

Supermicro ≫ H8sme-f Version-

Supermicro ≫ H8sml-7 Version-

Supermicro ≫ H8sml-7f Version-

Supermicro ≫ H8sml-i Version-

Supermicro ≫ H8sml-if Version-

Supermicro ≫ X7spa-hf Version-

Supermicro ≫ X7spa-hf-d525 Version-

Supermicro ≫ X7spe-h-d525 Version-

Supermicro ≫ X7spe-hf Version-

Supermicro ≫ X7spe-hf-d525 Version-

Supermicro ≫ X7spt-df-d525 Version-

Supermicro ≫ X8dtl-3f Version-

Supermicro ≫ X8dtl-6f Version-

Supermicro ≫ X8dtl-if Version-

Supermicro ≫ X8si6-f Version-

Supermicro ≫ X8sia-f Version-

Supermicro ≫ X8sie-f Version-

Supermicro ≫ X8sie-ln4f Version-

Supermicro ≫ X8sil-f Version-

Supermicro ≫ X8sit-f Version-

Supermicro ≫ X8sit-hf Version-

Supermicro ≫ X8siu-f Version-

Supermicro ≫ X9dax-7f Version-

Supermicro ≫ X9dax-7f-hft Version-

Supermicro ≫ X9dax-7tf Version-

Supermicro ≫ X9dax-if Version-

Supermicro ≫ X9dax-if-hft Version-

Supermicro ≫ X9dax-itf Version-

Supermicro ≫ X9db3-f Version-

Supermicro ≫ X9db3-tpf Version-

Supermicro ≫ X9dbi-f Version-

Supermicro ≫ X9dbi-tpf Version-

Supermicro ≫ X9dbl-3f Version-

Supermicro ≫ X9dbl-if Version-

Supermicro ≫ X9dbu-3f Version-

Supermicro ≫ X9dbu-if Version-

Supermicro ≫ X9dr3-f Version-

Supermicro ≫ X9dr7-ln4f Version-

Supermicro ≫ X9dr7-ln4f-jbod Version-

Supermicro ≫ X9drd-7jln4f Version-

Supermicro ≫ X9drd-7ln4f Version-

Supermicro ≫ X9drd-7ln4f-jbod Version-

Supermicro ≫ X9drd-ef Version-

Supermicro ≫ X9drd-if Version-

Supermicro ≫ X9dre-ln4f Version-

Supermicro ≫ X9drff Version-

Supermicro ≫ X9drff-7 Version-

Supermicro ≫ X9drfr Version-

Supermicro ≫ X9drg-hf Version-

Supermicro ≫ X9drg-htf Version-

Supermicro ≫ X9drh-7f Version-

Supermicro ≫ X9drh-7tf Version-

Supermicro ≫ X9drh-if Version-

Supermicro ≫ X9drh-itf Version-

Supermicro ≫ X9dri-f Version-

Supermicro ≫ X9drl-3f Version-

Supermicro ≫ X9drl-ef Version-

Supermicro ≫ X9drl-if Version-

Supermicro ≫ X9drt-f Version-

Supermicro ≫ X9drt-h6f Version-

Supermicro ≫ X9drt-h6ibff Version-

Supermicro ≫ X9drt-h6ibqf Version-

Supermicro ≫ X9drt-ibff Version-

Supermicro ≫ X9drt-ibqf Version-

Supermicro ≫ X9qr7-tf Version-

Supermicro ≫ X9qr7-tf-jbod Version-

Supermicro ≫ X9qri-f Version-

Supermicro ≫ X9sbaa-f Version-

Supermicro ≫ X9sca-f Version-

Supermicro ≫ X9scd-f Version-

Supermicro ≫ X9sce-f Version-

Supermicro ≫ X9scff-f Version-

Supermicro ≫ X9sci-ln4f Version-

Supermicro ≫ X9scl-f Version-

Supermicro ≫ X9scm-f Version-

Supermicro ≫ X9scm-iif Version-

Supermicro ≫ X9spu-f Version-

Supermicro ≫ X9srd-f Version-

Supermicro ≫ X9sre-3f Version-

Supermicro ≫ X9sre-f Version-

Supermicro ≫ X9srg-f Version-

Supermicro ≫ X9sri-3f Version-

Supermicro ≫ X9sri-f Version-

Supermicro ≫ X9srl-f Version-

Supermicro ≫ X9srw-f Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.05%	0.854

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.kb.cert.org/vuls/id/648646

US Government Resource

http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf

http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013

https://support.citrix.com/article/CTX216642

https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf

Exploit

http://www.securityfocus.com/bid/62098

https://nvd.nist.gov/vuln/detail/CVE-2013-3609

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-3609

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-3609

EUVD