Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2013-3608

Published: 08/09/2013 Updated: 15/11/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to X9sre-f

Vulnerability Summary

The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi.

Vulnerable Product Search on Vulmon Subscribe to Product

supermicro x9sre-f -

supermicro x9sri-3f -

supermicro x9scm-f -

supermicro x9sci-ln4f -

supermicro x9qri-f -

supermicro x9qr7-tf\\+ -

supermicro x9drt-hf\\+ -

supermicro x9drt-h6f -

supermicro x9drl-3f -

supermicro x9drl-if -

supermicro x9drg-hf\\+ -

supermicro x9drg-htf\\+ -

supermicro x9drff-itg\\+ -

supermicro x9drff-7\\+ -

supermicro x9drd-7jln4f -

supermicro x9drd-7ln4f-jbod -

supermicro x9dr3-f -

supermicro x9dbu-3f -

supermicro x9dbi-tpf -

supermicro x9dax-7f -

supermicro x8sit-hf -

supermicro x8sit-f -

supermicro x8dtu-6f\\+ -

supermicro x8dtu-6f\\+-lr -

supermicro x8dtl-if -

supermicro x7spt-df-d525 -

supermicro h8sml-7 -

supermicro h8sml-7f -

supermicro h8sml-i -

supermicro h8dgt-hlf -

supermicro h8dgt-hlibqf -

supermicro h8dct-hln4f -

supermicro h8dct-ibqf -

supermicro x9srw-f -

supermicro x9srl-f -

supermicro x9spu-f -

supermicro x9scm-iif -

supermicro x9sca-f -

supermicro x9scd-f -

supermicro x9drw-7tpf\\+ -

supermicro x9drw-itpf\\+ -

supermicro x9drt-f -

supermicro x9drt-ibff -

supermicro x9drh-7tf -

supermicro x9drh-if -

supermicro x9drff-7 -

supermicro x9drff-7g\\+ -

supermicro x9drff-it\\+ -

supermicro x9drd-if -

supermicro x9dr7-ln4f -

supermicro x9dre-ln4f -

supermicro x9dr7-ln4f-jbod -

supermicro x9dbl-if -

supermicro x9db3-f -

supermicro x9dax-itf -

supermicro x9dax-7f-hft -

supermicro x8sie-f -

supermicro x8sie-ln4f -

supermicro x8dtn\\+-f -

supermicro x8dtn\\+-f-lr -

supermicro x7spa-hf-d525 -

supermicro x7spe-h-d525 -

supermicro h8sgl-f -

supermicro h8scm-f -

supermicro h8dgg-qf -

supermicro h8dg6-f -

supermicro x9srg-f -

supermicro x9sre-3f -

supermicro x9scl\\+-f -

supermicro x9scl-f -

supermicro x9sbaa-f -

supermicro x9qr7-tf -

supermicro x9qr7-tf-jbod -

supermicro x9drw-3ln4f\\+ -

supermicro x9drw-3tf\\+ -

supermicro x9drt-ibqf -

supermicro x9drl-ef -

supermicro x9drh-itf -

supermicro x9drg-hf -

supermicro x9drg-htf -

supermicro x9drff-7tg\\+ -

supermicro x9drff-ig\\+ -

supermicro x9drd-7ln4f -

supermicro x9drd-ef -

supermicro x9dr3-ln4f\\+ -

supermicro x9dri-ln4f\\+ -

supermicro x9db3-tpf -

supermicro x9dbi-f -

supermicro x9dax-if-hft -

supermicro x8siu-f -

supermicro x8dtu-ln4f\\+ -

supermicro x8dtu-ln4f\\+-lr -

supermicro x8dtl-3f -

supermicro x8dtl-6f -

supermicro x7spe-hf -

supermicro x7spe-hf-d525 -

supermicro h8dgu-ln4f\\+ -

supermicro h8dgu-f -

supermicro h8dgi-f -

supermicro h8dct-hibqf -

supermicro x9sri-f -

supermicro x9srd-f -

supermicro x9scff-f -

supermicro x9sce-f -

supermicro x9qri-f\\+ -

supermicro x9drx\\+-f -

supermicro x9drt-h6ibff -

supermicro x9drt-h6ibqf -

supermicro x9dri-f -

supermicro x9drh-7f -

supermicro x9drfr -

supermicro x9drff -

supermicro x9drff-7t\\+ -

supermicro x9drff-i\\+ -

supermicro x9dr7-tf\\+ -

supermicro x9dre-tf\\+ -

supermicro x9dbu-if -

supermicro x9dbl-3f -

supermicro x9dax-7tf -

supermicro x9dax-if -

supermicro x8sil-f -

supermicro x8sia-f -

supermicro x8si6-f -

supermicro x8dtu-6tf\\+ -

supermicro x8dtu-6tf\\+-lr -

supermicro x7spt-df-d525\\+ -

supermicro x7spa-hf -

supermicro h8sml-if -

supermicro h8sme-f -

supermicro h8dgt-hf -

supermicro h8dgt-hibqf -

supermicro h8dcl-6f -

supermicro h8dcl-if -

Vendor Advisories

Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware
Description of Problem A number of security vulnerabilities have been identified in firmware used in the Lights Out Management (LOM) component across all NetScaler-based hardware appliances: Citrix NetScaler Application Delivery Controller (ADC) Citrix NetScaler Gateway Citrix NetScaler Service Delivery Appliance Citrix CloudBridge (now NetScaler S ...

References

CWE-20https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdfhttp://www.kb.cert.org/vuls/id/648646http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdfhttp://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013http://www.securityfocus.com/bid/62097https://support.citrix.com/article/CTX216642https://nvd.nist.govhttps://www.kb.cert.org/vuls/id/648646
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook