VDB

CVE-2013-3608

CVE-2013-3608 PUBLISHED CVSS 10 CRITICAL

The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi.

EPSS 1.89% · 83.6th percentile

Risk Scores

CVSS 2.0
10
EPSS Score
1.89%
83.6th percentile

Affected Products

VendorProductVersions
supermicrox9dax-if
supermicrox8sia-f
supermicrox9drh-7tf
supermicroh8dgg-qf
supermicrox9dbl-if
supermicrox9drg-hf\+
supermicrox9scl-f
supermicrox9db3-tpf
supermicrox9drw-3ln4f\+
supermicrox9dri-ln4f\+
supermicrox9sce-f
supermicrox9drff-it\+
supermicrox8sit-f
supermicrox9srw-f
supermicrox8dtu-ln4f\+-lr
supermicrox9qr7-tf-jbod
supermicrox8dtu-6tf\+-lr
supermicrox9qr7-tf
supermicrox9drw-7tpf\+
supermicrox9dax-itf

…and 114 more

Timeline

  • Aug 30, 2013 CVE Published
  • Jun 20, 2016 PoC Published
  • Apr 30, 2017 PoC Published
  • Jul 20, 2018 PoC Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 3, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 2, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›