CVE-2013-3607

Severity: Unknown | EPSS: 9.73%

CVE-2013-3607 is a vulnerability of currently unknown severity. Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi. EPSS estimates a 9.73% chance of exploitation in the next 30 days.

Description

Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi.

Metrics

EPSS Probability
9.73%

94.9th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions |
| --- | --- | --- |
| Supermicro | H8dcl-6f | All versions |
| Supermicro | H8dcl-If | All versions |
| Supermicro | H8dct-Hibqf | All versions |
| Supermicro | H8dct-Hln4f | All versions |
| Supermicro | H8dct-Ibqf | All versions |
| Supermicro | H8dg6-F | All versions |
| Supermicro | H8dgg-Qf | All versions |
| Supermicro | H8dgi-F | All versions |
| Supermicro | H8dgt-Hf | All versions |
| Supermicro | H8dgt-Hibqf | All versions |
| Supermicro | H8dgt-Hlf | All versions |
| Supermicro | H8dgt-Hlibqf | All versions |
| Supermicro | H8dgu-F | All versions |
| Supermicro | H8dgu-Ln4f+ | All versions |
| Supermicro | H8scm-F | All versions |
| Supermicro | H8sgl-F | All versions |
| Supermicro | H8sme-F | All versions |
| Supermicro | H8sml-7 | All versions |
| Supermicro | H8sml-7f | All versions |
| Supermicro | H8sml-I | All versions |
| Supermicro | H8sml-If | All versions |
| Supermicro | X7spa-Hf | All versions |
| Supermicro | X7spa-Hf-D525 | All versions |
| Supermicro | X7spe-H-D525 | All versions |
| Supermicro | X7spe-Hf | All versions |
| Supermicro | X7spe-Hf-D525 | All versions |
| Supermicro | X7spt-Df-D525 | All versions |
| Supermicro | X7spt-Df-D525+ | All versions |
| Supermicro | X8dtl-3f | All versions |
| Supermicro | X8dtl-6f | All versions |
| Supermicro | X8dtl-If | All versions |
| Supermicro | X8dtn+-F | All versions |
| Supermicro | X8dtn+-F-Lr | All versions |
| Supermicro | X8dtu-6f+ | All versions |
| Supermicro | X8dtu-6f+-Lr | All versions |
| Supermicro | X8dtu-6tf+ | All versions |
| Supermicro | X8dtu-6tf+-Lr | All versions |
| Supermicro | X8dtu-Ln4f+ | All versions |
| Supermicro | X8dtu-Ln4f+-Lr | All versions |
| Supermicro | X8si6-F | All versions |
| Supermicro | X8sia-F | All versions |
| Supermicro | X8sie-F | All versions |
| Supermicro | X8sie-Ln4f | All versions |
| Supermicro | X8sil-F | All versions |
| Supermicro | X8sit-F | All versions |
| Supermicro | X8sit-Hf | All versions |
| Supermicro | X8siu-F | All versions |
| Supermicro | X9dax-7f | All versions |
| Supermicro | X9dax-7f-Hft | All versions |
| Supermicro | X9dax-7tf | All versions |

Showing 50 of 133 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2013-3607?
Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi.
How severe is CVE-2013-3607?
Severity scoring for CVE-2013-3607 is pending analysis. The EPSS model estimates a 9.73% probability of exploitation in the next 30 days.
How do I fix CVE-2013-3607?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST