8.1

CVE-2013-3619

Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SupermicroSmt X9 Firmware Version < 3.15
   SupermicroSh7758 Version-
SupermicroSmt X8 Firmware Version < 3.12
   SupermicroSh7757 Version-
CitrixNetscaler Sdx Firmware Version10
   CitrixNetscaler Sdx Version-
CitrixNetscaler Firmware Version-
   CitrixNetscaler Version-
CitrixNetscaler Sd-wan Firmware Version-
   CitrixNetscaler Sd-wan Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.69% 0.949
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://support.citrix.com/article/CTX216642
Third Party Advisory
http://support.citrix.com/article/CTX216642
Third Party Advisory
https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/89044
Third Party Advisory
VDB Entry
https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
Vendor Advisory