Lucene search

[email protected]CVE-2018-13787

HistoryJul 09, 2018 - 6:29 p.m.

CVE-2018-13787

2018-07-0918:29:00

[email protected]

web.nvd.nist.gov

supermicro

firmware

misconfiguration

os programs

descriptor region

vulnerability

cve-2018-13787

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

20.8%

JSON

Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware.

Affected configurations

NVD

Node

supermicrox11ssz_firmwareMatch-

AND

supermicrox11sszMatch-

Node

supermicrox11ssv_firmwareMatch-

AND

supermicrox11ssvMatch-

Node

supermicrox11ssql_firmwareMatch-

AND

supermicrox11ssqlMatch-

Node

supermicrox11ssq_firmwareMatch-

AND

supermicrox11ssqMatch-

Node

supermicrox11ssn_firmwareMatch-

AND

supermicrox11ssnMatch-

Node

supermicrox11srm_firmwareMatch-

AND

supermicrox11srmMatch-

Node

supermicrox11sra_firmwareMatch-

AND

supermicrox11sraMatch-

Node

supermicrox11sba_firmwareMatch-

AND

supermicrox11sbaMatch-

Node

supermicrox11sat_firmwareMatch-

AND

supermicrox11satMatch-

Node

supermicrox11sae_m_firmwareMatch-

AND

supermicrox11sae_mMatch-

Node

supermicrox11sae_firmwareMatch-

AND

supermicrox11saeMatch-

Node

supermicrox10srw_firmwareMatch-

AND

supermicrox10srwMatch-

Node

supermicrox10srm_firmwareMatch-

AND

supermicrox10srmMatch-

Node

supermicrox10srl_firmwareMatch-

AND

supermicrox10srlMatch-

Node

supermicrox10sri_firmwareMatch-

AND

supermicrox10sriMatch-

Node

supermicrox10srh_firmwareMatch-

AND

supermicrox10srhMatch-

Node

supermicrox10srg_firmwareMatch-

AND

supermicrox10srgMatch-

Node

supermicrox10srd_firmwareMatch-

AND

supermicrox10srdMatch-

Node

supermicrox10sra_firmwareMatch-

AND

supermicrox10sraMatch-

Node

supermicrox10sdvt_firmwareMatch-

AND

supermicrox10sdvtMatch-

Node

supermicrox10sdvf_firmwareMatch-

AND

supermicrox10sdvfMatch-

Node

supermicrox10sde_firmwareMatch-

AND

supermicrox10sdeMatch-

Node

supermicrox10sddf_firmwareMatch-

AND

supermicrox10sddfMatch-

Node

supermicrox10sba_firmwareMatch-

AND

supermicrox10sbaMatch-

Node

supermicrox10qrh_firmwareMatch-

AND

supermicrox10qrhMatch-

Node

supermicrox10dsn_firmwareMatch-

AND

supermicrox10dsnMatch-

Node

supermicrox10dscp_firmwareMatch-

AND

supermicrox10dscpMatch-

Node

supermicrox10dsc_firmwareMatch-

AND

supermicrox10dscMatch-

Node

supermicrox10drx_firmwareMatch-

AND

supermicrox10drxMatch-

Node

supermicrox10drwn_firmwareMatch-

AND

supermicrox10drwnMatch-

Node

supermicrox10drw_firmwareMatch-

AND

supermicrox10drwMatch-

Node

supermicrox10drux_firmwareMatch-

AND

supermicrox10druxMatch-

Node

supermicrox10drul_firmwareMatch-

AND

supermicrox10drulMatch-

Node

supermicrox10dru_firmwareMatch-

AND

supermicrox10druMatch-

Node

supermicrox10drts_firmwareMatch-

AND

supermicrox10drtsMatch-

Node

supermicrox10drtps_firmwareMatch-

AND

supermicrox10drtpsMatch-

Node

supermicrox10drtl_firmwareMatch-

AND

supermicrox10drtlMatch-

Node

supermicrox10drth_firmwareMatch-

AND

supermicrox10drthMatch-

Node

supermicrox10drtb_firmwareMatch-

AND

supermicrox10drtbMatch-

Node

supermicrox10drt_firmwareMatch-

AND

supermicrox10drtMatch-

Node

supermicrox10drs_firmwareMatch-

AND

supermicrox10drsMatch-

Node

supermicrox10drln_firmwareMatch-

AND

supermicrox10drlnMatch-

Node

supermicrox10drlc_firmwareMatch-

AND

supermicrox10drlcMatch-

Node

supermicrox10drl_firmwareMatch-

AND

supermicrox10drlMatch-

Node

supermicrox10dri1_firmwareMatch-

AND

supermicrox10dri1Match-

Node

supermicrox10drh4_firmwareMatch-

AND

supermicrox10drh4Match-

Node

supermicrox10drh_firmwareMatch-

AND

supermicrox10drhMatch-

Node

supermicrox10drgo_firmwareMatch-

AND

supermicrox10drgoMatch-

Node

supermicrox10drgh_firmwareMatch-

AND

supermicrox10drghMatch-

Node

supermicrox10drg_firmwareMatch-

AND

supermicrox10drgMatch-

Node

supermicrox10drfr_firmwareMatch-

AND

supermicrox10drfrMatch-

Node

supermicrox10drfg_firmwareMatch-

AND

supermicrox10drfgMatch-

Node

supermicrox10drff_firmwareMatch-

AND

supermicrox10drffMatch-

Node

supermicrox10drdl_firmwareMatch-

AND

supermicrox10drdlMatch-

Node

supermicrox10drd_firmwareMatch-

AND

supermicrox10drdMatch-

Node

supermicrox10drc_firmwareMatch-

AND

supermicrox10drcMatch-

Node

supermicrox10dgo_firmwareMatch-

AND

supermicrox10dgoMatch-

Node

supermicrox10ddwn_firmwareMatch-

AND

supermicrox10ddwnMatch-

Node

supermicrox10ddwi_firmwareMatch-

AND

supermicrox10ddwiMatch-

Node

supermicrox10ddw4_firmwareMatch-

AND

supermicrox10ddw4Match-

Node

supermicrox10ddw3_firmwareMatch-

AND

supermicrox10ddw3Match-

Node

supermicrox10dax_firmwareMatch-

AND

supermicrox10daxMatch-

Node

supermicrox10dali_firmwareMatch-

AND

supermicrox10daliMatch-

Node

supermicrox10dal_firmwareMatch-

AND

supermicrox10dalMatch-

Node

supermicrox10dai_firmwareMatch-

AND

supermicrox10daiMatch-

Node

supermicrob10drt_firmwareMatch-

AND

supermicrob10drtMatch-

Node

supermicrob10dri_firmwareMatch-

AND

supermicrob10driMatch-

Node

supermicrob10drg_firmwareMatch-

AND

supermicrob10drgMatch-

Node

supermicrox9sae_firmwareMatch-

AND

supermicrox9saeMatch-

Node

supermicrox9drth_firmwareMatch-

AND

supermicrox9drthMatch-

Node

supermicrox9drgqf_firmwareMatch-

AND

supermicrox9drgqfMatch-

Node

supermicrox9drffp_firmwareMatch-

AND

supermicrox9drffpMatch-

Node

supermicrox9drf_firmwareMatch-

AND

supermicrox9drfMatch-

Node

supermicrox9dbl_firmwareMatch-

AND

supermicrox9dblMatch-

Node

supermicrox8siu_firmwareMatch-

AND

supermicrox8siuMatch-

Node

supermicrox8sit_firmwareMatch-

AND

supermicrox8sitMatch-

Node

supermicrox8sil_firmwareMatch-

AND

supermicrox8silMatch-

Node

supermicrox8sie_firmwareMatch-

AND

supermicrox8sieMatch-

Node

supermicrox8sia_firmwareMatch-

AND

supermicrox8siaMatch-

Node

supermicrok1spi_firmwareMatch-

AND

supermicrok1spiMatch-

Node

supermicrok1spes_firmwareMatch-

AND

supermicrok1spesMatch-

Node

supermicroc9x299_firmwareMatch-

AND

supermicroc9x299Match-

Node

supermicroc7z97oc_firmwareMatch-

AND

supermicroc7z97ocMatch-

Node

supermicroc7z97mf_firmwareMatch-

AND

supermicroc7z97mfMatch-

Node

supermicroc7z87oc_firmwareMatch-

AND

supermicroc7z87ocMatch-

Node

supermicroc7z370l_firmwareMatch-

AND

supermicroc7z370lMatch-

Node

supermicroc7z370i_firmwareMatch-

AND

supermicroc7z370iMatch-

Node

supermicroc7z270p_firmwareMatch-

AND

supermicroc7z270pMatch-

Node

supermicroc7z270m_firmwareMatch-

AND

supermicroc7z270mMatch-

Node

supermicroc7z270l_firmwareMatch-

AND

supermicroc7z270lMatch-

Node

supermicroc7z270cg_firmwareMatch-

AND

supermicroc7z270cgMatch-

Node

supermicroc7z270c_firmwareMatch-

AND

supermicroc7z270cMatch-

Node

supermicroc7z170oce_firmwareMatch-

AND

supermicroc7z170oceMatch-

Node

supermicroc7z170o_firmwareMatch-

AND

supermicroc7z170oMatch-

Node

supermicroc7z170_firmwareMatch-

AND

supermicroc7z170Match-

Node

supermicroc7x99oc_firmwareMatch-

AND

supermicroc7x99ocMatch-

Node

supermicroc7q270_firmwareMatch-

AND

supermicroc7q270Match-

Node

supermicroc7h270_firmwareMatch-

AND

supermicroc7h270Match-

Node

supermicroc7b250_firmwareMatch-

AND

supermicroc7b250Match-

Node

supermicrob1sd2tf_firmwareMatch-

AND

supermicrob1sd2tfMatch-

Node

supermicrob1sa4_firmwareMatch-

AND

supermicrob1sa4Match-

Node

supermicrob1dri_firmwareMatch-

AND

supermicrob1driMatch-

Node

supermicroa2sav_firmwareMatch-

AND

supermicroa2savMatch-

Node

supermicroa2sap_firmwareMatch-

AND

supermicroa2sapMatch-

Node

supermicroa2san_firmwareMatch-

AND

supermicroa2sanMatch-

Node

supermicroa1srm_firmwareMatch-

AND

supermicroa1srmMatch-

Node

supermicroa1sam_firmwareMatch-

AND

supermicroa1samMatch-

Node

supermicroa1sai1_firmwareMatch-

AND

supermicroa1sai1Match-

Node

supermicroa1sai_firmwareMatch-

AND

supermicroa1saiMatch-

Node

supermicroa1sa_firmwareMatch-

AND

supermicroa1saMatch-

CPENameOperatorVersion
supermicro:x11ssz_firmwaresupermicro x11ssz firmwareeq-

CPE	Name	Operator	Version
supermicro:x11ssz_firmware	supermicro x11ssz firmware	eq	-

References

blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/

www.bleepingcomputer.com/news/security/firmware-vulnerabilities-disclosed-in-supermicro-server-products/

www.supermicro.com/support/security_Intel-SA-00088.cfm?pg=X10#tab

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

20.8%

JSON

Related for CVE-2018-13787

nvd1 ibm1 prion1 cvelist1