CVE-2013-3609 — Vulnetix

Try Vulnetix Request Demo

CVE-2013-3609 PUBLISHED CVSS 10 CRITICAL

The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function.

EPSS 1.59% · 81.6th percentile

Risk Scores

CVSS v2.0

10

EPSS Score

1.59%

81.6th percentile

Affected Products

Vendor	Product	Versions
supermicro	x9sbaa-f
supermicro	x8dtl-3f
supermicro	x9scl\+-f
supermicro	x8dtl-if
supermicro	x9scl-f
supermicro	h8dct-ibqf
supermicro	x9drff-7
supermicro	x9dax-if
supermicro	x8dtu-6f\+-lr
supermicro	x9drff
supermicro	x9drg-hf
supermicro	x9db3-f
supermicro	x9dax-itf
supermicro	h8sme-f
supermicro	x8dtu-6tf\+-lr
supermicro	x9sre-f
supermicro	x9dbi-f
supermicro	x9drt-h6ibff
supermicro	x9drff-7tg\+
supermicro	x8sie-f

…and 114 more

Timeline

Aug 30, 2013 CVE Published
Jun 20, 2016 PoC Published
Apr 30, 2017 PoC Published
Jul 20, 2018 PoC Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score

References

http://support.citrix.com/article/CTX216071 advisory
http://support.citrix.com/article/CTX216642 advisory
62098 vdb
VU#648646 third-party-advisory
http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf url
https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf url
http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013 url
https://support.citrix.com/article/CTX216642 url
https://nvd.nist.gov/vuln/detail/CVE-2013-3609 advisory

Open in Interactive Console →