CVE-2013-3608

Severity: Unknown. EPSS: 6.41%

CVE-2013-3608 is a vulnerability of currently unknown severity. The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi. EPSS estimates a 6.41% chance of exploitation in the next 30 days.

Description

The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi.

Metrics

EPSS Probability
6.41%

92.8th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions |
|---|---|---|
| Supermicro | H8dcl-6f | All versions |
| Supermicro | H8dcl-If | All versions |
| Supermicro | H8dct-Hibqf | All versions |
| Supermicro | H8dct-Hln4f | All versions |
| Supermicro | H8dct-Ibqf | All versions |
| Supermicro | H8dg6-F | All versions |
| Supermicro | H8dgg-Qf | All versions |
| Supermicro | H8dgi-F | All versions |
| Supermicro | H8dgt-Hf | All versions |
| Supermicro | H8dgt-Hibqf | All versions |
| Supermicro | H8dgt-Hlf | All versions |
| Supermicro | H8dgt-Hlibqf | All versions |
| Supermicro | H8dgu-F | All versions |
| Supermicro | H8dgu-Ln4f+ | All versions |
| Supermicro | H8scm-F | All versions |
| Supermicro | H8sgl-F | All versions |
| Supermicro | H8sme-F | All versions |
| Supermicro | H8sml-7 | All versions |
| Supermicro | H8sml-7f | All versions |
| Supermicro | H8sml-I | All versions |
| Supermicro | H8sml-If | All versions |
| Supermicro | X7spa-Hf | All versions |
| Supermicro | X7spa-Hf-D525 | All versions |
| Supermicro | X7spe-H-D525 | All versions |
| Supermicro | X7spe-Hf | All versions |
| Supermicro | X7spe-Hf-D525 | All versions |
| Supermicro | X7spt-Df-D525 | All versions |
| Supermicro | X7spt-Df-D525+ | All versions |
| Supermicro | X8dtl-3f | All versions |
| Supermicro | X8dtl-6f | All versions |
| Supermicro | X8dtl-If | All versions |
| Supermicro | X8dtn+-F | All versions |
| Supermicro | X8dtn+-F-Lr | All versions |
| Supermicro | X8dtu-6f+ | All versions |
| Supermicro | X8dtu-6f+-Lr | All versions |
| Supermicro | X8dtu-6tf+ | All versions |
| Supermicro | X8dtu-6tf+-Lr | All versions |
| Supermicro | X8dtu-Ln4f+ | All versions |
| Supermicro | X8dtu-Ln4f+-Lr | All versions |
| Supermicro | X8si6-F | All versions |
| Supermicro | X8sia-F | All versions |
| Supermicro | X8sie-F | All versions |
| Supermicro | X8sie-Ln4f | All versions |
| Supermicro | X8sil-F | All versions |
| Supermicro | X8sit-F | All versions |
| Supermicro | X8sit-Hf | All versions |
| Supermicro | X8siu-F | All versions |
| Supermicro | X9dax-7f | All versions |
| Supermicro | X9dax-7f-Hft | All versions |
| Supermicro | X9dax-7tf | All versions |

Showing 50 of 133 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2013-3608?
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi.

How severe is CVE-2013-3608?
Severity scoring for CVE-2013-3608 is pending analysis. The EPSS model estimates a 6.41% probability of exploitation in the next 30 days.

How do I fix CVE-2013-3608?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST