10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
8.1 High
AI Score
Confidence
Low
0.97 High
EPSS
Percentile
99.8%
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter.
www.exploit-db.com/exploits/29666
www.securityfocus.com/bid/63775
www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013
community.rapid7.com/community/metasploit/blog/2013/11/06/supermicro-ipmi-firmware-vulnerabilities
support.citrix.com/article/CTX216642