CVE-2013-3608 — Vulnetix

Try Vulnetix Request Demo

CVE-2013-3608 PUBLISHED CVSS 10 CRITICAL

The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi.

EPSS 1.89% · 83.1th percentile

Risk Scores

CVSS v2.0

10

EPSS Score

1.89%

83.1th percentile

Affected Products

Vendor	Product	Versions
supermicro	x9dax-if
supermicro	x8sia-f
supermicro	x9drh-7tf
supermicro	h8dgg-qf
supermicro	x9dbl-if
supermicro	x9drg-hf\+
supermicro	x9scl-f
supermicro	x9db3-tpf
supermicro	x9drw-3ln4f\+
supermicro	x9dri-ln4f\+
supermicro	x9sce-f
supermicro	x9drff-it\+
supermicro	x8sit-f
supermicro	x9srw-f
supermicro	x8dtu-ln4f\+-lr
supermicro	x9qr7-tf-jbod
supermicro	x8dtu-6tf\+-lr
supermicro	x9qr7-tf
supermicro	x9drw-7tpf\+
supermicro	x9dax-itf

…and 114 more

Timeline

Aug 30, 2013 CVE Published
Jun 20, 2016 PoC Published
Apr 30, 2017 PoC Published
Jul 20, 2018 PoC Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score

References

VU#648646 third-party-advisory
http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf url
https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf url
62097 vdb
http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013 url
https://support.citrix.com/article/CTX216642 url
https://nvd.nist.gov/vuln/detail/CVE-2013-3608 advisory
http://support.citrix.com/article/CTX216071 advisory
http://support.citrix.com/article/CTX216642 advisory

Open in Interactive Console →