CVE-2013-3623

2013-12-1016:11:18

CWE-119

[email protected]

web.nvd.nist.gov

cve-2013-3623

buffer overflow

stack-based

ipmi

remote code execution

firmware vulnerability

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

Low

0.97 High

EPSS

Percentile

99.8%

JSON

Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter.

Affected configurations

NVD

Node

supermicrointelligent_platform_management_firmwareRange≤2.26----x9_generation_motherboards

supermicrointelligent_platform_management_firmwareMatch2.24----x9_generation_motherboards

CPENameOperatorVersion
supermicro:intelligent_platform_management_firmwaresupermicro intelligent platform management firmwarele2.26
supermicro:intelligent_platform_management_firmwaresupermicro intelligent platform management firmwareeq2.24

CPE	Name	Operator	Version
supermicro:intelligent_platform_management_firmware	supermicro intelligent platform management firmware	le	2.26
supermicro:intelligent_platform_management_firmware	supermicro intelligent platform management firmware	eq	2.24