Vulnerability Description
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Supermicro | Intelligent Platform Management Firmware | <= 2.26 |
Related Weaknesses (CWE)
References
- http://www.exploit-db.com/exploits/29666Exploit
- http://www.securityfocus.com/bid/63775
- http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdfVendor Advisory
- http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_20
- https://community.rapid7.com/community/metasploit/blog/2013/11/06/supermicro-ipmExploit
- https://support.citrix.com/article/CTX216642
- http://www.exploit-db.com/exploits/29666Exploit
- http://www.securityfocus.com/bid/63775
- http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdfVendor Advisory
- http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_20
- https://community.rapid7.com/community/metasploit/blog/2013/11/06/supermicro-ipmExploit
- https://support.citrix.com/article/CTX216642
FAQ
What is CVE-2013-3623?
CVE-2013-3623 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 gener...
How severe is CVE-2013-3623?
CVE-2013-3623 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3623?
Check the references section above for vendor advisories and patch information. Affected products include: Supermicro Intelligent Platform Management Firmware.