CVE-2013-3607 - Vulnerability Details

Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Supermicro	H8dcl-6f H8dcl-if H8dct-hibqf H8dct-hln4f H8dct-ibqf H8dg6-f H8dgg-qf H8dgi-f H8dgt-hf H8dgt-hibqf H8dgt-hlf H8dgt-hlibqf H8dgu-f H8dgu-ln4f\+ H8scm-f H8sgl-f H8sme-f H8sml-7 H8sml-7f H8sml-i H8sml-if X7spa-hf X7spa-hf-d525 X7spe-h-d525 X7spe-hf X7spe-hf-d525 X7spt-df-d525 X7spt-df-d525\+ X8dtl-3f X8dtl-6f X8dtl-if X8dtn\+-f X8dtn\+-f-lr X8dtu-6f\+ X8dtu-6f\+-lr X8dtu-6tf\+ X8dtu-6tf\+-lr X8dtu-ln4f\+ X8dtu-ln4f\+-lr X8si6-f X8sia-f X8sie-f X8sie-ln4f X8sil-f X8sit-f X8sit-hf X8siu-f X9dax-7f X9dax-7f-hft X9dax-7tf X9dax-if X9dax-if-hft X9dax-itf X9db3-f X9db3-tpf X9dbi-f X9dbi-tpf X9dbl-3f X9dbl-if X9dbu-3f X9dbu-if X9dr3-f X9dr3-ln4f\+ X9dr7-ln4f X9dr7-ln4f-jbod X9dr7-tf\+ X9drd-7jln4f X9drd-7ln4f X9drd-7ln4f-jbod X9drd-ef X9drd-if X9dre-ln4f X9dre-tf\+ X9drff X9drff-7 X9drff-7\+ X9drff-7g\+ X9drff-7t\+ X9drff-7tg\+ X9drff-i\+ X9drff-ig\+ X9drff-it\+ X9drff-itg\+ X9drfr X9drg-hf X9drg-hf\+ X9drg-htf X9drg-htf\+ X9drh-7f X9drh-7tf X9drh-if X9drh-itf X9dri-f X9dri-ln4f\+ X9drl-3f X9drl-ef X9drl-if X9drt-f X9drt-h6f X9drt-h6ibff X9drt-h6ibqf X9drt-hf\+ X9drt-ibff X9drt-ibqf X9drw-3ln4f\+ X9drw-3tf\+ X9drw-7tpf\+ X9drw-itpf\+ X9drx\+-f X9qr7-tf X9qr7-tf-jbod X9qr7-tf\+ X9qri-f X9qri-f\+ X9sbaa-f X9sca-f X9scd-f X9sce-f X9scff-f X9sci-ln4f X9scl-f X9scl\+-f X9scm-f X9scm-iif X9spu-f X9srd-f X9sre-3f X9sre-f X9srg-f X9sri-3f X9sri-f X9srl-f X9srw-f

Configuration 1 [-]

OR	cpe:2.3:h:supermicro:h8dcl-6f:-:::::::*
	cpe:2.3:h:supermicro:h8dcl-if:-:::::::*
	cpe:2.3:h:supermicro:h8dct-hibqf:-:::::::*
	cpe:2.3:h:supermicro:h8dct-hln4f:-:::::::*
	cpe:2.3:h:supermicro:h8dct-ibqf:-:::::::*
	cpe:2.3:h:supermicro:h8dg6-f:-:::::::*
	cpe:2.3:h:supermicro:h8dgg-qf:-:::::::*
	cpe:2.3:h:supermicro:h8dgi-f:-:::::::*
	cpe:2.3:h:supermicro:h8dgt-hf:-:::::::*
	cpe:2.3:h:supermicro:h8dgt-hibqf:-:::::::*
	cpe:2.3:h:supermicro:h8dgt-hlf:-:::::::*
	cpe:2.3:h:supermicro:h8dgt-hlibqf:-:::::::*
	cpe:2.3:h:supermicro:h8dgu-f:-:::::::*
	cpe:2.3:h:supermicro:h8dgu-ln4f\+:-:::::::*
	cpe:2.3:h:supermicro:h8scm-f:-:::::::*
	cpe:2.3:h:supermicro:h8sgl-f:-:::::::*
	cpe:2.3:h:supermicro:h8sme-f:-:::::::*
	cpe:2.3:h:supermicro:h8sml-7:-:::::::*
	cpe:2.3:h:supermicro:h8sml-7f:-:::::::*
	cpe:2.3:h:supermicro:h8sml-i:-:::::::*
	cpe:2.3:h:supermicro:h8sml-if:-:::::::*
	cpe:2.3:h:supermicro:x7spa-hf:-:::::::*
	cpe:2.3:h:supermicro:x7spa-hf-d525:-:::::::*
	cpe:2.3:h:supermicro:x7spe-h-d525:-:::::::*
	cpe:2.3:h:supermicro:x7spe-hf:-:::::::*
	cpe:2.3:h:supermicro:x7spe-hf-d525:-:::::::*
	cpe:2.3:h:supermicro:x7spt-df-d525:-:::::::*
	cpe:2.3:h:supermicro:x7spt-df-d525\+:-:::::::*
	cpe:2.3:h:supermicro:x8dtl-3f:-:::::::*
	cpe:2.3:h:supermicro:x8dtl-6f:-:::::::*
	cpe:2.3:h:supermicro:x8dtl-if:-:::::::*
	cpe:2.3:h:supermicro:x8dtn\+-f:-:::::::*
	cpe:2.3:h:supermicro:x8dtn\+-f-lr:-:::::::*
	cpe:2.3:h:supermicro:x8dtu-6f\+:-:::::::*
	cpe:2.3:h:supermicro:x8dtu-6f\+-lr:-:::::::*
	cpe:2.3:h:supermicro:x8dtu-6tf\+:-:::::::*
	cpe:2.3:h:supermicro:x8dtu-6tf\+-lr:-:::::::*
	cpe:2.3:h:supermicro:x8dtu-ln4f\+:-:::::::*
	cpe:2.3:h:supermicro:x8dtu-ln4f\+-lr:-:::::::*
	cpe:2.3:h:supermicro:x8si6-f:-:::::::*
	cpe:2.3:h:supermicro:x8sia-f:-:::::::*
	cpe:2.3:h:supermicro:x8sie-f:-:::::::*
	cpe:2.3:h:supermicro:x8sie-ln4f:-:::::::*
	cpe:2.3:h:supermicro:x8sil-f:-:::::::*
	cpe:2.3:h:supermicro:x8sit-f:-:::::::*
	cpe:2.3:h:supermicro:x8sit-hf:-:::::::*
	cpe:2.3:h:supermicro:x8siu-f:-:::::::*
	cpe:2.3:h:supermicro:x9dax-7f:-:::::::*
	cpe:2.3:h:supermicro:x9dax-7f-hft:-:::::::*
	cpe:2.3:h:supermicro:x9dax-7tf:-:::::::*
	cpe:2.3:h:supermicro:x9dax-if:-:::::::*
	cpe:2.3:h:supermicro:x9dax-if-hft:-:::::::*
	cpe:2.3:h:supermicro:x9dax-itf:-:::::::*
	cpe:2.3:h:supermicro:x9db3-f:-:::::::*
	cpe:2.3:h:supermicro:x9db3-tpf:-:::::::*
	cpe:2.3:h:supermicro:x9dbi-f:-:::::::*
	cpe:2.3:h:supermicro:x9dbi-tpf:-:::::::*
	cpe:2.3:h:supermicro:x9dbl-3f:-:::::::*
	cpe:2.3:h:supermicro:x9dbl-if:-:::::::*
	cpe:2.3:h:supermicro:x9dbu-3f:-:::::::*
	cpe:2.3:h:supermicro:x9dbu-if:-:::::::*
	cpe:2.3:h:supermicro:x9dr3-f:-:::::::*
	cpe:2.3:h:supermicro:x9dr3-ln4f\+:-:::::::*
	cpe:2.3:h:supermicro:x9dr7-ln4f:-:::::::*
cpe:2.3:h:supermicro:x9dr7-ln4f-jbod:-:::::::*
cpe:2.3:h:supermicro:x9dr7-tf\+:-:::::::*
cpe:2.3:h:supermicro:x9drd-7jln4f:-:::::::*
cpe:2.3:h:supermicro:x9drd-7ln4f:-:::::::*
cpe:2.3:h:supermicro:x9drd-7ln4f-jbod:-:::::::*
cpe:2.3:h:supermicro:x9drd-ef:-:::::::*
cpe:2.3:h:supermicro:x9drd-if:-:::::::*
cpe:2.3:h:supermicro:x9dre-ln4f:-:::::::*
cpe:2.3:h:supermicro:x9dre-tf\+:-:::::::*
cpe:2.3:h:supermicro:x9drff:-:::::::*
cpe:2.3:h:supermicro:x9drff-7:-:::::::*
cpe:2.3:h:supermicro:x9drff-7\+:-:::::::*
cpe:2.3:h:supermicro:x9drff-7g\+:-:::::::*
cpe:2.3:h:supermicro:x9drff-7t\+:-:::::::*
cpe:2.3:h:supermicro:x9drff-7tg\+:-:::::::*
cpe:2.3:h:supermicro:x9drff-i\+:-:::::::*
cpe:2.3:h:supermicro:x9drff-ig\+:-:::::::*
cpe:2.3:h:supermicro:x9drff-it\+:-:::::::*
cpe:2.3:h:supermicro:x9drff-itg\+:-:::::::*
cpe:2.3:h:supermicro:x9drfr:-:::::::*
cpe:2.3:h:supermicro:x9drg-hf:-:::::::*
cpe:2.3:h:supermicro:x9drg-hf\+:-:::::::*
cpe:2.3:h:supermicro:x9drg-htf:-:::::::*
cpe:2.3:h:supermicro:x9drg-htf\+:-:::::::*
cpe:2.3:h:supermicro:x9drh-7f:-:::::::*
cpe:2.3:h:supermicro:x9drh-7tf:-:::::::*
cpe:2.3:h:supermicro:x9drh-if:-:::::::*
cpe:2.3:h:supermicro:x9drh-itf:-:::::::*
cpe:2.3:h:supermicro:x9dri-f:-:::::::*
cpe:2.3:h:supermicro:x9dri-ln4f\+:-:::::::*
cpe:2.3:h:supermicro:x9drl-3f:-:::::::*
cpe:2.3:h:supermicro:x9drl-ef:-:::::::*
cpe:2.3:h:supermicro:x9drl-if:-:::::::*
cpe:2.3:h:supermicro:x9drt-f:-:::::::*
cpe:2.3:h:supermicro:x9drt-h6f:-:::::::*
cpe:2.3:h:supermicro:x9drt-h6ibff:-:::::::*
cpe:2.3:h:supermicro:x9drt-h6ibqf:-:::::::*
cpe:2.3:h:supermicro:x9drt-hf\+:-:::::::*
cpe:2.3:h:supermicro:x9drt-ibff:-:::::::*
cpe:2.3:h:supermicro:x9drt-ibqf:-:::::::*
cpe:2.3:h:supermicro:x9drw-3ln4f\+:-:::::::*
cpe:2.3:h:supermicro:x9drw-3tf\+:-:::::::*
cpe:2.3:h:supermicro:x9drw-7tpf\+:-:::::::*
cpe:2.3:h:supermicro:x9drw-itpf\+:-:::::::*
cpe:2.3:h:supermicro:x9drx\+-f:-:::::::*
cpe:2.3:h:supermicro:x9qr7-tf:-:::::::*
cpe:2.3:h:supermicro:x9qr7-tf\+:-:::::::*
cpe:2.3:h:supermicro:x9qr7-tf-jbod:-:::::::*
cpe:2.3:h:supermicro:x9qri-f:-:::::::*
cpe:2.3:h:supermicro:x9qri-f\+:-:::::::*
cpe:2.3:h:supermicro:x9sbaa-f:-:::::::*
cpe:2.3:h:supermicro:x9sca-f:-:::::::*
cpe:2.3:h:supermicro:x9scd-f:-:::::::*
cpe:2.3:h:supermicro:x9sce-f:-:::::::*
cpe:2.3:h:supermicro:x9scff-f:-:::::::*
cpe:2.3:h:supermicro:x9sci-ln4f:-:::::::*
cpe:2.3:h:supermicro:x9scl\+-f:-:::::::*
cpe:2.3:h:supermicro:x9scl-f:-:::::::*
cpe:2.3:h:supermicro:x9scm-f:-:::::::*
cpe:2.3:h:supermicro:x9scm-iif:-:::::::*
cpe:2.3:h:supermicro:x9spu-f:-:::::::*
cpe:2.3:h:supermicro:x9srd-f:-:::::::*
cpe:2.3:h:supermicro:x9sre-3f:-:::::::*
cpe:2.3:h:supermicro:x9sre-f:-:::::::*
cpe:2.3:h:supermicro:x9srg-f:-:::::::*
cpe:2.3:h:supermicro:x9sri-3f:-:::::::*
cpe:2.3:h:supermicro:x9sri-f:-:::::::*
cpe:2.3:h:supermicro:x9srl-f:-:::::::*
cpe:2.3:h:supermicro:x9srw-f:-:::::::*

No data.

References

Link	Providers
http://www.kb.cert.org/vuls/id/648646
http://www.securityfocus.com/bid/62094
http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013
https://support.citrix.com/article/CTX216642
https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2013-09-08T01:00:00

Updated: 2024-08-06T16:14:56.531Z

Reserved: 2013-05-21T00:00:00

Link: CVE-2013-3607

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-09-08T03:17:39.563

Modified: 2024-11-21T01:53:58.630

Link: CVE-2013-3607

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object