Published: 10/12/2013 Updated: 15/11/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Subscribe to Intelligent Platform Management Firmware

Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware prior to 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote malicious users to execute arbitrary code via the (1) sess_sid or (2) ACT parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
supermicro intelligent platform management firmware
supermicro intelligent platform management firmware 2.24

Description of Problem A number of security vulnerabilities have been identified in firmware used in the Lights Out Management (LOM) component across all NetScaler-based hardware appliances: Citrix NetScaler Application Delivery Controller (ADC) Citrix NetScaler Gateway Citrix NetScaler Service Delivery Appliance Citrix CloudBridge (now NetScaler S ...

## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' =&gt ...

CWE-119 http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013 https://community.rapid7.com/community/metasploit/blog/2013/11/06/supermicro-ipmi-firmware-vulnerabilities http://www.exploit-db.com/exploits/29666 http://www.securityfocus.com/bid/63775 https://support.citrix.com/article/CTX216642 https://nvd.nist.gov https://www.exploit-db.com/exploits/29666/https://support.citrix.com/article/CTX216642

CVE-2013-3623

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect