8.1

CVE-2013-3619

EPSS 9.46%
Veröffentlicht 02.01.2020 18:15:11
Zuletzt bearbeitet 21.11.2024 01:53:59
Quelle cret@cert.org
Teams Watchlist Login
Unerledigt Login

Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Supermicro ≫ Smt X9 Firmware Version < 3.15

Supermicro ≫ Sh7758 Version-

Supermicro ≫ Smt X8 Firmware Version < 3.12

Supermicro ≫ Sh7757 Version-

Citrix ≫ Netscaler Sdx Firmware Version10

Citrix ≫ Netscaler Sdx Version-

Citrix ≫ Netscaler Firmware Version-

Citrix ≫ Netscaler Version-

Citrix ≫ Netscaler Sd-wan Firmware Version-

Citrix ≫ Netscaler Sd-wan Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.46%	0.92

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://support.citrix.com/article/CTX216642

Third Party Advisory

http://support.citrix.com/article/CTX216642

Third Party Advisory

https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/89044

Third Party Advisory

VDB Entry

https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-3619

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-3619

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-3619

EUVD