Vulnerability Description
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function. In practice this means the privilege level returned to the browser only decides which controls the web UI shows; the BMC's server-side handlers do not repeat the check, so any valid IPMI account can send the request a privileged control would have sent and have it honoured.
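The following is an added illustration of the vulnerability class described above, written for this page; it is not Supermicro's firmware code. The client-side `privilegeCallBack` name follows the function the description mentions, but its body, the session table, the privilege values, the endpoint handler names and the request shape are all assumptions made for the example. It shows a low-privilege authenticated user who never sees the "Add user" control crafting the request that control would send, and contrasts the handler that trusts the UI with one that repeats the privilege check server-side.

```javascript
// Added example for CVE-2013-3609's bug class (authorization enforced only in
// client-side JavaScript). NOT Supermicro code: sessions, privilege numbers,
// handler and endpoint names are assumptions for illustration.
'use strict';

// Constructed session table: both users have already logged in to the BMC.
// Privilege values follow IPMI's levels: 2 = User, 4 = Administrator.
const SESSIONS = {
  'sid-admin': { user: 'ADMIN', privilege: 4 },
  'sid-user':  { user: 'guest', privilege: 2 },
};

// The callback the web UI's JavaScript uses on page load to learn the
// caller's privilege. In the vulnerable design this answer is the ONLY
// thing standing between a User-level account and administrative actions.
function privilegeCallBack(sessionId) {
  const s = SESSIONS[sessionId];
  return s ? s.privilege : 0;
}

// Client-side rendering: hides the privileged control for non-admins.
// Hiding a button is not an authorization boundary; an attacker never
// runs this code and posts to the endpoint directly.
function renderUserMenu(sessionId) {
  const html = ['<button id="change-password">Change my password</button>'];
  if (privilegeCallBack(sessionId) >= 4) {
    html.push('<button id="add-user">Add user</button>');
  }
  return html.join('\n');
}

// Vulnerable handler: verifies the session exists, then assumes the UI
// only let administrators reach this endpoint.
function vulnerableAddUser(users, req) {
  const s = SESSIONS[req.sessionId];
  if (!s) return { status: 401, body: 'no session' };
  users.push({ name: req.name, privilege: req.privilege });
  return { status: 200, body: `added ${req.name}` };
}

// Hardened handler: repeats the privilege check against the session record
// the BMC itself holds, on every privileged endpoint, regardless of what
// the browser was shown.
function hardenedAddUser(users, req) {
  const s = SESSIONS[req.sessionId];
  if (!s) return { status: 401, body: 'no session' };
  if (s.privilege < 4) return { status: 403, body: 'insufficient privilege' };
  users.push({ name: req.name, privilege: req.privilege });
  return { status: 200, body: `added ${req.name}` };
}

// Attack shape: the User-level account's menu has no "Add user" button, but
// it crafts the request that button would have sent and asks for a new
// Administrator account.
function demo() {
  const craftedRequest = { sessionId: 'sid-user', name: 'backdoor', privilege: 4 };
  const usersVuln = [];
  const usersHard = [];
  return {
    menuShowsAddUser: renderUserMenu('sid-user').includes('add-user'),
    vulnerableStatus: vulnerableAddUser(usersVuln, craftedRequest).status,
    hardenedStatus: hardenedAddUser(usersHard, craftedRequest).status,
    vulnerableUsersAdded: usersVuln.length,
    hardenedUsersAdded: usersHard.length,
  };
}

console.log(JSON.stringify(demo()));
```

The point to take from the two handlers is that the fix is not a change to the JavaScript at all: the server has the authoritative session record, so the privilege comparison belongs there, on every state-changing endpoint, and the UI's hiding of controls is purely cosmetic.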
CVSS Score
10.0 (HIGH)
Affected Products
The table below lists only the H8 boards; the description above also names the X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F and X9SR* families. No firmware version ranges are given for any entry.
| Vendor | Product | Versions |
|---|---|---|
| Supermicro | H8DCL-6F | - |
| Supermicro | H8DCL-iF | - |
| Supermicro | H8DCT-HIBQF | - |
| Supermicro | H8DCT-HLN4F | - |
| Supermicro | H8DCT-IBQF | - |
| Supermicro | H8DG6-F | - |
| Supermicro | H8DGG-QF | - |
| Supermicro | H8DGi-F | - |
| Supermicro | H8DGT-HF | - |
| Supermicro | H8DGT-HIBQF | - |
| Supermicro | H8DGT-HLF | - |
| Supermicro | H8DGT-HLIBQF | - |
| Supermicro | H8DGU-F | - |
| Supermicro | H8DGU-LN4F+ | - |
| Supermicro | H8SCM-F | - |
| Supermicro | H8SGL-F | - |
| Supermicro | H8SME-F | - |
| Supermicro | H8SML-7 | - |
| Supermicro | H8SML-7F | - |
| Supermicro | H8SML-i | - |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/648646 (US Government Resource)
- http://www.securityfocus.com/bid/62098
- http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf (vendor advisory)
- http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_20
- https://support.citrix.com/article/CTX216642
- https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf (Exploit)
FAQ
What is CVE-2013-3609?
CVE-2013-3609 is a vulnerability with a CVSS score of 10.0 (HIGH). The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function.
How severe is CVE-2013-3609?
CVE-2013-3609 has been rated HIGH with a CVSS base score of 10.0/10; this page gives the base score and severity only, not the metric vector. Note that exploitation requires a valid account on the BMC web interface: the flaw lets any authenticated IPMI user, including one at the lowest privilege level, perform administrative actions, so it is a privilege escalation rather than an unauthenticated break-in.
Is there a patch for CVE-2013-3609?
Supermicro's advisory, http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf in the references above, is the starting point for the updated IPMI firmware; the Thomas-Krenn and Citrix articles listed there cover the update from the integrator's side. Until the BMC firmware is updated, restrict network access to the IPMI web interface and treat every IPMI account, whatever its configured privilege level, as able to reach administrative functions. Affected products include: Supermicro H8DCL-6F, Supermicro H8DCL-iF, Supermicro H8DCT-HIBQF, Supermicro H8DCT-HLN4F, Supermicro H8DCT-IBQF, and the other boards listed in the Affected Products table and the vulnerability description.