CVE-2013-3607

Published: 08/09/2013 Updated: 15/11/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote malicious users to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi.

Vulnerable Product

supermicro x9sre-f -

supermicro x9sri-3f -

supermicro x9scm-f -

supermicro x9sci-ln4f -

supermicro x9scff-f -

supermicro x9qri-f -

supermicro x9qr7-tf+ -

supermicro x9drt-hf+ -

supermicro x9drt-h6f -

supermicro x9drl-if -

supermicro x9dri-f -

supermicro x9drg-hf+ -

supermicro x9drg-htf+ -

supermicro x9drff-itg+ -

supermicro x9drff-7+ -

supermicro x9drd-7ln4f-jbod -

supermicro x9dr7-tf+ -

supermicro x9dr3-f -

supermicro x9dbu-3f -

supermicro x9dbi-tpf -

supermicro x9dax-7f -

supermicro x8sit-f -

supermicro x8sil-f -

supermicro x8dtu-6f+ -

supermicro x8dtu-6f+-lr -

supermicro x8dtl-if -

supermicro x7spt-df-d525 -

supermicro h8sml-7f -

supermicro h8sml-i -

supermicro h8dgt-hlf -

supermicro h8dgt-hlibqf -

supermicro h8dct-hln4f -

supermicro h8dct-ibqf -

supermicro h8dcl-6f -

supermicro x9srw-f -

supermicro x9srl-f -

supermicro x9spu-f -

supermicro x9scm-iif -

supermicro x9scd-f -

supermicro x9sbaa-f -

supermicro x9drw-7tpf+ -

supermicro x9drw-itpf+ -

supermicro x9drt-f -

supermicro x9drt-ibff -

supermicro x9drh-if -

supermicro x9drh-itf -

supermicro x9drff-7 -

supermicro x9drff-7g+ -

supermicro x9drff-it+ -

supermicro x9drd-if -

supermicro x9dre-ln4f -

supermicro x9dr7-ln4f-jbod -

supermicro x9dbl-if -

supermicro x9db3-f -

supermicro x9dax-itf -

supermicro x9dax-7f-hft -

supermicro x9dax-if-hft -

supermicro x8sie-f -

supermicro x8sie-ln4f -

supermicro x8dtn+-f -

supermicro x8dtn+-f-lr -

supermicro x7spe-h-d525 -

supermicro x7spe-hf -

supermicro h8sgl-f -

supermicro h8scm-f -

supermicro h8dgg-qf -

supermicro h8dg6-f -

supermicro x9srg-f -

supermicro x9sre-3f -

supermicro x9scl+-f -

supermicro x9scl-f -

supermicro x9qr7-tf -

supermicro x9qr7-tf-jbod -

supermicro x9drw-3ln4f+ -

supermicro x9drw-3tf+ -

supermicro x9drt-ibqf -

supermicro x9drl-ef -

supermicro x9drl-3f -

supermicro x9drg-hf -

supermicro x9drg-htf -

supermicro x9drff-7tg+ -

supermicro x9drff-ig+ -

supermicro x9drd-7ln4f -

supermicro x9drd-ef -

supermicro x9drd-7jln4f -

supermicro x9dr3-ln4f+ -

supermicro x9dri-ln4f+ -

supermicro x9db3-tpf -

supermicro x9dbi-f -

supermicro x8siu-f -

supermicro x8sit-hf -

supermicro x8dtu-ln4f+ -

supermicro x8dtu-ln4f+-lr -

supermicro x8dtl-3f -

supermicro x8dtl-6f -

supermicro x7spe-hf-d525 -

supermicro h8sml-7 -

supermicro h8dgu-ln4f+ -

supermicro h8dgu-f -

supermicro h8dgi-f -

supermicro h8dct-hibqf -

supermicro x9sri-f -

supermicro x9srd-f -

supermicro x9sce-f -

supermicro x9sca-f -

supermicro x9qri-f+ -

supermicro x9drx+-f -

supermicro x9drt-h6ibff -

supermicro x9drt-h6ibqf -

supermicro x9drh-7f -

supermicro x9drh-7tf -

supermicro x9drfr -

supermicro x9drff -

supermicro x9drff-7t+ -

supermicro x9drff-i+ -

supermicro x9dre-tf+ -

supermicro x9dr7-ln4f -

supermicro x9dbu-if -

supermicro x9dbl-3f -

supermicro x9dax-7tf -

supermicro x9dax-if -

supermicro x8sia-f -

supermicro x8si6-f -

supermicro x8dtu-6tf+ -

supermicro x8dtu-6tf+-lr -

supermicro x7spt-df-d525+ -

supermicro x7spa-hf -

supermicro x7spa-hf-d525 -

supermicro h8sml-if -

supermicro h8sme-f -

supermicro h8dgt-hf -

supermicro h8dgt-hibqf -

supermicro h8dcl-if -

Vendor Advisories

Description of Problem

A number of security vulnerabilities have been identified in firmware used in the Lights Out Management (LOM) component across all NetScaler-based hardware appliances:

Citrix NetScaler Application Delivery Controller (ADC)
Citrix NetScaler Gateway
Citrix NetScaler Service Delivery Appliance
Citrix CloudBridge (now NetScaler S ...