MEDIUM · 6.7

CVE-2018-13787

Vulnerability Description

Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware.

CVSS Score

6.7 (MEDIUM)

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Supermicro | X11Ssz Firmware | - |
| Supermicro | X11Ssz | - |
| Supermicro | X11Ssv Firmware | - |
| Supermicro | X11Ssv | - |
| Supermicro | X11Ssql Firmware | - |
| Supermicro | X11Ssql | - |
| Supermicro | X11Ssq Firmware | - |
| Supermicro | X11Ssq | - |
| Supermicro | X11Ssn Firmware | - |
| Supermicro | X11Ssn | - |
| Supermicro | X11Srm Firmware | - |
| Supermicro | X11Srm | - |
| Supermicro | X11Sra Firmware | - |
| Supermicro | X11Sra | - |
| Supermicro | X11Sba Firmware | - |
| Supermicro | X11Sba | - |
| Supermicro | X11Sat Firmware | - |
| Supermicro | X11Sat | - |
| Supermicro | X11Sae M Firmware | - |
| Supermicro | X11Sae M | - |

References

FAQ

What is CVE-2018-13787?

CVE-2018-13787 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware.

How severe is CVE-2018-13787?

CVE-2018-13787 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2018-13787?

Check the references section above for vendor advisories and patch information. Affected products include: Supermicro X11Ssz Firmware, Supermicro X11Ssz, Supermicro X11Ssv Firmware, Supermicro X11Ssv, Supermicro X11Ssql Firmware.