Lucene search
HistorySep 08, 2013 - 3:17 a.m.
CVE-2013-3608
security
web interface
ipmi
supermicro
remote authentication
arbitrary commands
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.6 High
AI Score
Confidence
Low
0.033 Low
EPSS
Percentile
91.4%
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-, X9DB, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi.
Affected configurations
Node
supermicroh8dcl-6fMatch-
ORsupermicroh8dcl-ifMatch-
ORsupermicroh8dct-hibqfMatch-
ORsupermicroh8dct-hln4fMatch-
ORsupermicroh8dct-ibqfMatch-
ORsupermicroh8dg6-fMatch-
ORsupermicroh8dgg-qfMatch-
ORsupermicroh8dgi-fMatch-
ORsupermicroh8dgt-hfMatch-
ORsupermicroh8dgt-hibqfMatch-
ORsupermicroh8dgt-hlfMatch-
ORsupermicroh8dgt-hlibqfMatch-
ORsupermicroh8dgu-fMatch-
ORsupermicroh8dgu-ln4f\+Match-
ORsupermicroh8scm-fMatch-
ORsupermicroh8sgl-fMatch-
ORsupermicroh8sme-fMatch-
ORsupermicroh8sml-7Match-
ORsupermicroh8sml-7fMatch-
ORsupermicroh8sml-iMatch-
ORsupermicroh8sml-ifMatch-
ORsupermicrox7spa-hfMatch-
ORsupermicrox7spa-hf-d525Match-
ORsupermicrox7spe-h-d525Match-
ORsupermicrox7spe-hfMatch-
ORsupermicrox7spe-hf-d525Match-
ORsupermicrox7spt-df-d525Match-
ORsupermicrox7spt-df-d525\+Match-
ORsupermicrox8dtl-3fMatch-
ORsupermicrox8dtl-6fMatch-
ORsupermicrox8dtl-ifMatch-
ORsupermicrox8dtn\+-fMatch-
ORsupermicrox8dtn\+-f-lrMatch-
ORsupermicrox8dtu-6f\+Match-
ORsupermicrox8dtu-6f\+-lrMatch-
ORsupermicrox8dtu-6tf\+Match-
ORsupermicrox8dtu-6tf\+-lrMatch-
ORsupermicrox8dtu-ln4f\+Match-
ORsupermicrox8dtu-ln4f\+-lrMatch-
ORsupermicrox8si6-fMatch-
ORsupermicrox8sia-fMatch-
ORsupermicrox8sie-fMatch-
ORsupermicrox8sie-ln4fMatch-
ORsupermicrox8sil-fMatch-
ORsupermicrox8sit-fMatch-
ORsupermicrox8sit-hfMatch-
ORsupermicrox8siu-fMatch-
ORsupermicrox9dax-7fMatch-
ORsupermicrox9dax-7f-hftMatch-
ORsupermicrox9dax-7tfMatch-
ORsupermicrox9dax-ifMatch-
ORsupermicrox9dax-if-hftMatch-
ORsupermicrox9dax-itfMatch-
ORsupermicrox9db3-fMatch-
ORsupermicrox9db3-tpfMatch-
ORsupermicrox9dbi-fMatch-
ORsupermicrox9dbi-tpfMatch-
ORsupermicrox9dbl-3fMatch-
ORsupermicrox9dbl-ifMatch-
ORsupermicrox9dbu-3fMatch-
ORsupermicrox9dbu-ifMatch-
ORsupermicrox9dr3-fMatch-
ORsupermicrox9dr3-ln4f\+Match-
ORsupermicrox9dr7-ln4fMatch-
ORsupermicrox9dr7-ln4f-jbodMatch-
ORsupermicrox9dr7-tf\+Match-
ORsupermicrox9drd-7jln4fMatch-
ORsupermicrox9drd-7ln4fMatch-
ORsupermicrox9drd-7ln4f-jbodMatch-
ORsupermicrox9drd-efMatch-
ORsupermicrox9drd-ifMatch-
ORsupermicrox9dre-ln4fMatch-
ORsupermicrox9dre-tf\+Match-
ORsupermicrox9drffMatch-
ORsupermicrox9drff-7Match-
ORsupermicrox9drff-7\+Match-
ORsupermicrox9drff-7g\+Match-
ORsupermicrox9drff-7t\+Match-
ORsupermicrox9drff-7tg\+Match-
ORsupermicrox9drff-i\+Match-
ORsupermicrox9drff-ig\+Match-
ORsupermicrox9drff-it\+Match-
ORsupermicrox9drff-itg\+Match-
ORsupermicrox9drfrMatch-
ORsupermicrox9drg-hfMatch-
ORsupermicrox9drg-hf\+Match-
ORsupermicrox9drg-htfMatch-
ORsupermicrox9drg-htf\+Match-
ORsupermicrox9drh-7fMatch-
ORsupermicrox9drh-7tfMatch-
ORsupermicrox9drh-ifMatch-
ORsupermicrox9drh-itfMatch-
ORsupermicrox9dri-fMatch-
ORsupermicrox9dri-ln4f\+Match-
ORsupermicrox9drl-3fMatch-
ORsupermicrox9drl-efMatch-
ORsupermicrox9drl-ifMatch-
ORsupermicrox9drt-fMatch-
ORsupermicrox9drt-h6fMatch-
ORsupermicrox9drt-h6ibffMatch-
ORsupermicrox9drt-h6ibqfMatch-
ORsupermicrox9drt-hf\+Match-
ORsupermicrox9drt-ibffMatch-
ORsupermicrox9drt-ibqfMatch-
ORsupermicrox9drw-3ln4f\+Match-
ORsupermicrox9drw-3tf\+Match-
ORsupermicrox9drw-7tpf\+Match-
ORsupermicrox9drw-itpf\+Match-
ORsupermicrox9drx\+-fMatch-
ORsupermicrox9qr7-tfMatch-
ORsupermicrox9qr7-tf\+Match-
ORsupermicrox9qr7-tf-jbodMatch-
ORsupermicrox9qri-fMatch-
ORsupermicrox9qri-f\+Match-
ORsupermicrox9sbaa-fMatch-
ORsupermicrox9sca-fMatch-
ORsupermicrox9scd-fMatch-
ORsupermicrox9sce-fMatch-
ORsupermicrox9scff-fMatch-
ORsupermicrox9sci-ln4fMatch-
ORsupermicrox9scl\+-fMatch-
ORsupermicrox9scl-fMatch-
ORsupermicrox9scm-fMatch-
ORsupermicrox9scm-iifMatch-
ORsupermicrox9spu-fMatch-
ORsupermicrox9srd-fMatch-
ORsupermicrox9sre-3fMatch-
ORsupermicrox9sre-fMatch-
ORsupermicrox9srg-fMatch-
ORsupermicrox9sri-3fMatch-
ORsupermicrox9sri-fMatch-
ORsupermicrox9srl-fMatch-
ORsupermicrox9srw-fMatch-
References
Related
cvelist
cvelist
CVE-2013-3608
2013-09-08 01:00:00
prion
prion
Design/Logic Flaw
2013-09-08 03:17:00
nvd
nvd
CVE-2013-3608
2013-09-08 03:17:39
cert
cert
Supermicro IPMI based on ATEN firmware contain multiple vulnerabilities
2013-08-30 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.6 High
AI Score
Confidence
Low
0.033 Low
EPSS
Percentile
91.4%
Related for CVE-2013-3608