CVE-2013-3607 — Vulnetix

Try Vulnetix Request Demo

CVE-2013-3607 PUBLISHED CVSS 10 CRITICAL

Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi.

EPSS 14.62% · 94.4th percentile

Risk Scores

CVSS v2.0

10

EPSS Score

14.62%

94.4th percentile

Affected Products

Vendor	Product	Versions
supermicro	h8dct-hibqf
supermicro	x9spu-f
supermicro	x9drh-itf
supermicro	x9dax-7f-hft
supermicro	h8sml-if
supermicro	x9drw-3ln4f\+
supermicro	x9drt-h6ibqf
supermicro	x8dtn\+-f
supermicro	x9drx\+-f
supermicro	x9scd-f
supermicro	x9drff-ig\+
supermicro	x9scff-f
supermicro	x9dbi-tpf
supermicro	x9drt-hf\+
supermicro	x9drd-if
supermicro	h8dgt-hlf
supermicro	x9drff-7\+
supermicro	x9dax-if-hft
supermicro	x9drh-7f
supermicro	x9dr7-ln4f

…and 114 more

Timeline

Aug 30, 2013 CVE Published
Aug 30, 2013 PoC Published
Jun 20, 2016 PoC Published
Apr 30, 2017 PoC Published
Jul 20, 2018 PoC Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Mar 7, 2023 EPSS Score

References

http://support.citrix.com/article/CTX216071 advisory
http://support.citrix.com/article/CTX216642 advisory
62094 vdb
VU#648646 third-party-advisory
http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf url
https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf url
http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013 url
https://support.citrix.com/article/CTX216642 url
https://nvd.nist.gov/vuln/detail/CVE-2013-3607 advisory

Open in Interactive Console →