Vulnerability Description
Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Supermicro | H8Dcl-6F | - |
| Supermicro | H8Dcl-If | - |
| Supermicro | H8Dct-Hibqf | - |
| Supermicro | H8Dct-Hln4F | - |
| Supermicro | H8Dct-Ibqf | - |
| Supermicro | H8Dg6-F | - |
| Supermicro | H8Dgg-Qf | - |
| Supermicro | H8Dgi-F | - |
| Supermicro | H8Dgt-Hf | - |
| Supermicro | H8Dgt-Hibqf | - |
| Supermicro | H8Dgt-Hlf | - |
| Supermicro | H8Dgt-Hlibqf | - |
| Supermicro | H8Dgu-F | - |
| Supermicro | H8Dgu-Ln4F\+ | - |
| Supermicro | H8Scm-F | - |
| Supermicro | H8Sgl-F | - |
| Supermicro | H8Sme-F | - |
| Supermicro | H8Sml-7 | - |
| Supermicro | H8Sml-7F | - |
| Supermicro | H8Sml-I | - |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/648646US Government Resource
- http://www.securityfocus.com/bid/62094
- http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
- http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_20
- https://support.citrix.com/article/CTX216642
- https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdfExploit
- http://www.kb.cert.org/vuls/id/648646US Government Resource
- http://www.securityfocus.com/bid/62094
- http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
- http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_20
- https://support.citrix.com/article/CTX216642
- https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdfExploit
FAQ
What is CVE-2013-3607?
CVE-2013-3607 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8S...
How severe is CVE-2013-3607?
CVE-2013-3607 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3607?
Check the references section above for vendor advisories and patch information. Affected products include: Supermicro H8Dcl-6F, Supermicro H8Dcl-If, Supermicro H8Dct-Hibqf, Supermicro H8Dct-Hln4F, Supermicro H8Dct-Ibqf.