10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.061 Low
EPSS
Percentile
93.5%
Supermicro Intelligent Platform Management Interface (IPMI) implementations based on ATEN firmware contain multiple vulnerabilities in their web management interface.
CWE-121: Stack-based Buffer Overflow - CVE-2013-3607
The Supermicro IPMI web interface contains multiple buffer overflows, including one in the username and password fields of the login screen. This may allow for privileged remote code execution on the Baseboard Management Controller (BMC).
CWE-20: Improper Input Validation - CVE-2013-3608
The Supermicro IPMI web interface does not properly sanitize input, which may allow an attacker to perform shell injection attacks and execute commands as a privileged user.
CWE-269: Improper Privilege Management - CVE-2013-3609
The Supermicro IPMI web interface relies on client-side privilege validation, which may allow an attacker to perform privilege escalation attacks.
This is a list of potentially vulnerable firmwares and models:
Firmware files (30): H8DGU_V250.zip, SMT_227.zip, SMT_236.zip, SMT_243.zip, SMT_250.zip, SMT_252.zip, SMT_255.zip, SMT_257.zip, SMT_SX_266.zip, SMT_V220.zip, SMT_X9_160.zip, SMT_X9_164.zip, SMT_X9_165.zip, SMT_X9_176.zip, SMT_X9_186.zip, SMT_X9_187.zip, SMT_X9_188.zip, SMT_X9_189.zip, SMT_X9_210.zip, SMT_X9_213.zip, SMT_X9_214.zip, SMT_X9_215.zip, SMT_X9_216.zip, SMT_X9_217.zip, SMT_X9_220.zip, SMT_X9_221.zip, SMT_X9_222.zip, SMT_X9_226.zip, SMT_X9_227.zip, SMT_X9DB3_V406.zip.
Names (73): IPMI_7SPA, IPMI_7SPE, IPMI_7SPT, IPMI_7SPT-DF-D525+, IPMI_8DG6, IPMI_8DGG, IPMI_8DGTH, IPMI_8DGT-HLF/HLIBQF, IPMI_8DGU, IPMI_8DGUL, IPMI_8DTL, IPMI_8DTN+, IPMI_8DTU+, IPMI_8SGL, IPMI_8SI6, IPMI_8SIA, IPMI_8SIL, IPMI_8SIT-F, IPMI_8SIT-HF, IPMI_8SIU, IPMI_8SME-F, IPMI_8SML-7/i(F), IPMI_9DAX-7/i(T)F, IPMI_9DAX-i/7F-HFT, IPMI_9DB3/i-(TP)F, IPMI_9DBL-iF/3F, IPMI_9DR3, IPMI_9DR7/E-TF+,IPMI_9DR7-LN4F, IPMI_9DRD-7LN4F-JBOD, IPMI_9DRD-IF, IPMI_9DRFF-(7), IPMI_9DRFF-7/i(T)+, IPMI_9DRFF-7/i(T)G+, IPMI_9DRFR, IPMI_9DRG, IPMI_9DRG-H, IPMI_9DRH, IPMI_9DRi,
IPMI_9DRi/3-LN4F+, IPMI_9DRL-3/iF, IPMI_9DRL-EF, IPMI_9DRT-F, IPMI_9DRT-H6, IPMI_9DRT-HF+, IPMI_9DRT-HF/HIBFF/HIBQF, IPMI_9DRW-3, IPMI_9DRW-7/iTPF+, IPMI_9DRW-7TPF, IPMI_9DRX, IPMI_9QR7/i, IPMI_9QR7-TF, IPMI_9SBAA-F, IPMI_9SCD, IPMI_9SCE-F, IPMI_9SCFF-F, IPMI_9SCI-LN4F, IPMI_9SCM, IPMI_9SCM-iiF, IPMI_9SPU-F, IPMI_9SRD-F, IPMI_9SRE/i-(3)F, IPMI_9SRG, IPMI_9SRL, IPMI_9SRW-F, IPMI_DTU4L, IPMI_H8DCL, IPMI_H8DCT, IPMI_H8DCT-H, IPMI_SCM, IPMI_X9DBU-3F/iF, IPMI_X9DR7/E-LN4F, IPMI_X9DRD-7LN4F.
Device models (135): X9SRW-F, X9SRL-F, X9SRG-F, X9SRE-3F, X9SRE-F, X9SRi-3F, X9SRi-F, X9SRD-F, X9SPU-F, X9SCM-iiF, X9SCL±F, X9SCL-F, X9SCM-F, X9SCI-LN4F, X9SCFF-F, X9SCE-F, X9SCA-F, X9SCD-F, X9SBAA-F, X9QR7-TF, X9QR7-TF-JBOD, X9QRi-F, X9QR7-TF+, X9QRi-F+, X9DRX±F, X9DRX±F, X9DRW-iTPF, X9DRW-7TPF+, X9DRW-iTPF+, X9DRW-3LN4F+, X9DRW-3TF+, X9DRT-HF+, X9DRT-H6F, X9DRT-H6IBFF,
X9DRT-H6IBQF, X9DRT-F, X9DRT-IBFF, X9DRT-IBQF, X9DRL-EF, X9DRL-3F, X9DRL-iF, X9DRi-F, X9DRH-7F, X9DRH-7TF, X9DRH-iF, X9DRH-iTF, X9DRG-HF, X9DRG-HTF, X9DRG-HF+, X9DRG-HTF+, X9DRFR, X9DRFF,
X9DRFF-7, X9DRFF-7G+, X9DRFF-7TG+, X9DRFF-iG+, X9DRFF-iTG+, X9DRFF-7+, X9DRFF-7T+, X9DRFF-i+, X9DRFF-iT+, X9DRD-iF, X9DRD-7LN4F, X9DRD-EF, X9DRD-7JLN4F, X9DRD-7LN4F-JBOD, X9DR7-TF+, X9DRE-TF+, X9DR7-LN4F, X9DRE-LN4F, X9DR7-LN4F-JBOD, X9DR3-LN4F+, X9DRi-LN4F+, X9DR3-F, X9DBU-3F, X9DBU-iF, X9DBL-3F, X9DBL-iF, X9DB3-F, X9DB3-TPF, X9DBi-F, X9DBi-TPF, X9DAX-7F, X9DAX-7TF, X9DAX-iF, X9DAX-iTF, X9DAX-7F-HFT, X9DAX-iF-HFT, X8SIU-F, X8SIT-HF, X8SIT-F, X8SIL-F, X8SIA-F, X8SI6-F, X8SIE-F, X8SIE-LN4F, X8DTU-LN4F+, X8DTU-LN4F±LR, X8DTU-6F+, X8DTU-6F±LR, X8DTU-6TF+, X8DTU-6TF±LR, X8DTN±F, X8DTN±F-LR, X8DTL-3F, X8DTL-6F, X8DTL-IF, X7SPT-DF-D525, X7SPT-DF-D525+, X7SPA-HF, X7SPA-HF-D525, X7SPE-H-D525, X7SPE-HF, X7SPE-HF-D525, H8SML-7, H8SML-7F, H8SML-i,
H8SML-iF, H8SME-F, H8SGL-F, H8SCM-F, H8DGU-LN4F+, H8DGU-F, H8DGT-HLF, H8DGT-HLIBQF, H8DGT-HF, H8DGT-HIBQF, H8DGG-QF, H8DG6-F, H8DGi-F, H8DCT-HIBQF, H8DCT-HLN4F, H8DCT-F, H8DCT-IBQF, H8DCL-6F, H8DCL-iF.
A remote unauthenticated attacker may obtain sensitive information, cause a denial of service, or execute arbitrary code as a privileged user.
Update BMC Firmware
Please see Firmware Fixes to Common Vulnerabilities and Exposures.
Restrict IPMI to Internal Networks
Restrict IPMI traffic to trusted internal networks. Traffic from IPMI (usually UDP port 623) should be restricted to a management VLAN segment with strong network controls. Scan for IPMI usage outside of the trusted network and monitor the trusted network for abnormal activity.
648646
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: July 30, 2013 Updated: July 29, 2014
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 8.3 | AV:A/AC:L/Au:N/C:C/I:C/A:C |
Temporal | 5.8 | E:POC/RL:OF/RC:UC |
Environmental | 5.3 | CDP:LM/TD:M/CR:ND/IR:ND/AR:ND |
Thanks to J. Alex Halderman and Anthony Bonkoski for reporting this vulnerability.
This document was written by Chris King.
CVE IDs: | CVE-2013-3607, CVE-2013-3608, CVE-2013-3609 |
---|---|
Date Public: | 2013-08-13 Date First Published: |