CVE-2013-3620 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2013-3620?

CVE-2013-3620 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-3620?

Check the references section above for vendor advisories and patch information. Affected products include: Supermicro Smt X9 Firmware, Supermicro Sh7758, Supermicro Smt X8 Firmware, Supermicro Sh7757, Citrix Netscaler Sdx Firmware.

Vulnerability Description

Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Supermicro	Smt X9 Firmware	< 3.15
Supermicro	Sh7758	-
Supermicro	Smt X8 Firmware	< 3.12
Supermicro	Sh7757	-
Citrix	Netscaler Sdx Firmware	10
Citrix	Netscaler Sdx	-
Citrix	Netscaler Firmware	-
Citrix	Netscaler	-
Citrix	Netscaler Sd-Wan Firmware	-
Citrix	Netscaler Sd-Wan	-

Related Weaknesses (CWE)

CWE-522

References

http://support.citrix.com/article/CTX216642Third Party Advisory
https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/89045Third Party AdvisoryVDB Entry
https://support.citrix.com/article/CTX216642Third Party Advisory
https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdfVendor Advisory
http://support.citrix.com/article/CTX216642Third Party Advisory
https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/89045Third Party AdvisoryVDB Entry
https://support.citrix.com/article/CTX216642Third Party Advisory
https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdfVendor Advisory

FAQ

What is CVE-2013-3620?

CVE-2013-3620 is a vulnerability with a CVSS score of 7.5 (HIGH). Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generati...

How severe is CVE-2013-3620?

CVE-2013-3620 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-3620?

Check the references section above for vendor advisories and patch information. Affected products include: Supermicro Smt X9 Firmware, Supermicro Sh7758, Supermicro Smt X8 Firmware, Supermicro Sh7757, Citrix Netscaler Sdx Firmware.