Lucene search
HistorySep 08, 2013 - 3:17 a.m.
CVE-2013-3609
supermicro
ipmi
cve-2013-3609
authorization
javascript
security vulnerability
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.7 Medium
AI Score
Confidence
Low
0.016 Low
EPSS
Percentile
87.6%
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-, X9DB, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function.
Affected configurations
Node
supermicroh8dcl-6fMatch-
ORsupermicroh8dcl-ifMatch-
ORsupermicroh8dct-hibqfMatch-
ORsupermicroh8dct-hln4fMatch-
ORsupermicroh8dct-ibqfMatch-
ORsupermicroh8dg6-fMatch-
ORsupermicroh8dgg-qfMatch-
ORsupermicroh8dgi-fMatch-
ORsupermicroh8dgt-hfMatch-
ORsupermicroh8dgt-hibqfMatch-
ORsupermicroh8dgt-hlfMatch-
ORsupermicroh8dgt-hlibqfMatch-
ORsupermicroh8dgu-fMatch-
ORsupermicroh8dgu-ln4f\+Match-
ORsupermicroh8scm-fMatch-
ORsupermicroh8sgl-fMatch-
ORsupermicroh8sme-fMatch-
ORsupermicroh8sml-7Match-
ORsupermicroh8sml-7fMatch-
ORsupermicroh8sml-iMatch-
ORsupermicroh8sml-ifMatch-
ORsupermicrox7spa-hfMatch-
ORsupermicrox7spa-hf-d525Match-
ORsupermicrox7spe-h-d525Match-
ORsupermicrox7spe-hfMatch-
ORsupermicrox7spe-hf-d525Match-
ORsupermicrox7spt-df-d525Match-
ORsupermicrox7spt-df-d525\+Match-
ORsupermicrox8dtl-3fMatch-
ORsupermicrox8dtl-6fMatch-
ORsupermicrox8dtl-ifMatch-
ORsupermicrox8dtn\+-fMatch-
ORsupermicrox8dtn\+-f-lrMatch-
ORsupermicrox8dtu-6f\+Match-
ORsupermicrox8dtu-6f\+-lrMatch-
ORsupermicrox8dtu-6tf\+Match-
ORsupermicrox8dtu-6tf\+-lrMatch-
ORsupermicrox8dtu-ln4f\+Match-
ORsupermicrox8dtu-ln4f\+-lrMatch-
ORsupermicrox8si6-fMatch-
ORsupermicrox8sia-fMatch-
ORsupermicrox8sie-fMatch-
ORsupermicrox8sie-ln4fMatch-
ORsupermicrox8sil-fMatch-
ORsupermicrox8sit-fMatch-
ORsupermicrox8sit-hfMatch-
ORsupermicrox8siu-fMatch-
ORsupermicrox9dax-7fMatch-
ORsupermicrox9dax-7f-hftMatch-
ORsupermicrox9dax-7tfMatch-
ORsupermicrox9dax-ifMatch-
ORsupermicrox9dax-if-hftMatch-
ORsupermicrox9dax-itfMatch-
ORsupermicrox9db3-fMatch-
ORsupermicrox9db3-tpfMatch-
ORsupermicrox9dbi-fMatch-
ORsupermicrox9dbi-tpfMatch-
ORsupermicrox9dbl-3fMatch-
ORsupermicrox9dbl-ifMatch-
ORsupermicrox9dbu-3fMatch-
ORsupermicrox9dbu-ifMatch-
ORsupermicrox9dr3-fMatch-
ORsupermicrox9dr3-ln4f\+Match-
ORsupermicrox9dr7-ln4fMatch-
ORsupermicrox9dr7-ln4f-jbodMatch-
ORsupermicrox9dr7-tf\+Match-
ORsupermicrox9drd-7jln4fMatch-
ORsupermicrox9drd-7ln4fMatch-
ORsupermicrox9drd-7ln4f-jbodMatch-
ORsupermicrox9drd-efMatch-
ORsupermicrox9drd-ifMatch-
ORsupermicrox9dre-ln4fMatch-
ORsupermicrox9dre-tf\+Match-
ORsupermicrox9drffMatch-
ORsupermicrox9drff-7Match-
ORsupermicrox9drff-7\+Match-
ORsupermicrox9drff-7g\+Match-
ORsupermicrox9drff-7t\+Match-
ORsupermicrox9drff-7tg\+Match-
ORsupermicrox9drff-i\+Match-
ORsupermicrox9drff-ig\+Match-
ORsupermicrox9drff-it\+Match-
ORsupermicrox9drff-itg\+Match-
ORsupermicrox9drfrMatch-
ORsupermicrox9drg-hfMatch-
ORsupermicrox9drg-hf\+Match-
ORsupermicrox9drg-htfMatch-
ORsupermicrox9drg-htf\+Match-
ORsupermicrox9drh-7fMatch-
ORsupermicrox9drh-7tfMatch-
ORsupermicrox9drh-ifMatch-
ORsupermicrox9drh-itfMatch-
ORsupermicrox9dri-fMatch-
ORsupermicrox9dri-ln4f\+Match-
ORsupermicrox9drl-3fMatch-
ORsupermicrox9drl-efMatch-
ORsupermicrox9drl-ifMatch-
ORsupermicrox9drt-fMatch-
ORsupermicrox9drt-h6fMatch-
ORsupermicrox9drt-h6ibffMatch-
ORsupermicrox9drt-h6ibqfMatch-
ORsupermicrox9drt-hf\+Match-
ORsupermicrox9drt-ibffMatch-
ORsupermicrox9drt-ibqfMatch-
ORsupermicrox9drw-3ln4f\+Match-
ORsupermicrox9drw-3tf\+Match-
ORsupermicrox9drw-7tpf\+Match-
ORsupermicrox9drw-itpf\+Match-
ORsupermicrox9drx\+-fMatch-
ORsupermicrox9qr7-tfMatch-
ORsupermicrox9qr7-tf\+Match-
ORsupermicrox9qr7-tf-jbodMatch-
ORsupermicrox9qri-fMatch-
ORsupermicrox9qri-f\+Match-
ORsupermicrox9sbaa-fMatch-
ORsupermicrox9sca-fMatch-
ORsupermicrox9scd-fMatch-
ORsupermicrox9sce-fMatch-
ORsupermicrox9scff-fMatch-
ORsupermicrox9sci-ln4fMatch-
ORsupermicrox9scl\+-fMatch-
ORsupermicrox9scl-fMatch-
ORsupermicrox9scm-fMatch-
ORsupermicrox9scm-iifMatch-
ORsupermicrox9spu-fMatch-
ORsupermicrox9srd-fMatch-
ORsupermicrox9sre-3fMatch-
ORsupermicrox9sre-fMatch-
ORsupermicrox9srg-fMatch-
ORsupermicrox9sri-3fMatch-
ORsupermicrox9sri-fMatch-
ORsupermicrox9srl-fMatch-
ORsupermicrox9srw-fMatch-
References
Related
cvelist
cvelist
CVE-2013-3609
2013-09-08 01:00:00
prion
prion
Authorization
2013-09-08 03:17:00
nvd
nvd
CVE-2013-3609
2013-09-08 03:17:39
cert
cert
Supermicro IPMI based on ATEN firmware contain multiple vulnerabilities
2013-08-30 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.7 Medium
AI Score
Confidence
Low
0.016 Low
EPSS
Percentile
87.6%
Related for CVE-2013-3609