CVE-2013-3609

Severity: Unknown | EPSS: 5.31%

CVE-2013-3609 is a vulnerability of currently unknown severity. The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function. EPSS estimates a 5.31% chance of exploitation in the next 30 days.

Description

The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function.

Metrics

EPSS Probability
5.31%

91.5th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions |
| --- | --- | --- |
| Supermicro | H8dcl-6f | All versions |
| Supermicro | H8dcl-If | All versions |
| Supermicro | H8dct-Hibqf | All versions |
| Supermicro | H8dct-Hln4f | All versions |
| Supermicro | H8dct-Ibqf | All versions |
| Supermicro | H8dg6-F | All versions |
| Supermicro | H8dgg-Qf | All versions |
| Supermicro | H8dgi-F | All versions |
| Supermicro | H8dgt-Hf | All versions |
| Supermicro | H8dgt-Hibqf | All versions |
| Supermicro | H8dgt-Hlf | All versions |
| Supermicro | H8dgt-Hlibqf | All versions |
| Supermicro | H8dgu-F | All versions |
| Supermicro | H8dgu-Ln4f+ | All versions |
| Supermicro | H8scm-F | All versions |
| Supermicro | H8sgl-F | All versions |
| Supermicro | H8sme-F | All versions |
| Supermicro | H8sml-7 | All versions |
| Supermicro | H8sml-7f | All versions |
| Supermicro | H8sml-I | All versions |
| Supermicro | H8sml-If | All versions |
| Supermicro | X7spa-Hf | All versions |
| Supermicro | X7spa-Hf-D525 | All versions |
| Supermicro | X7spe-H-D525 | All versions |
| Supermicro | X7spe-Hf | All versions |
| Supermicro | X7spe-Hf-D525 | All versions |
| Supermicro | X7spt-Df-D525 | All versions |
| Supermicro | X7spt-Df-D525+ | All versions |
| Supermicro | X8dtl-3f | All versions |
| Supermicro | X8dtl-6f | All versions |
| Supermicro | X8dtl-If | All versions |
| Supermicro | X8dtn+-F | All versions |
| Supermicro | X8dtn+-F-Lr | All versions |
| Supermicro | X8dtu-6f+ | All versions |
| Supermicro | X8dtu-6f+-Lr | All versions |
| Supermicro | X8dtu-6tf+ | All versions |
| Supermicro | X8dtu-6tf+-Lr | All versions |
| Supermicro | X8dtu-Ln4f+ | All versions |
| Supermicro | X8dtu-Ln4f+-Lr | All versions |
| Supermicro | X8si6-F | All versions |
| Supermicro | X8sia-F | All versions |
| Supermicro | X8sie-F | All versions |
| Supermicro | X8sie-Ln4f | All versions |
| Supermicro | X8sil-F | All versions |
| Supermicro | X8sit-F | All versions |
| Supermicro | X8sit-Hf | All versions |
| Supermicro | X8siu-F | All versions |
| Supermicro | X9dax-7f | All versions |
| Supermicro | X9dax-7f-Hft | All versions |
| Supermicro | X9dax-7tf | All versions |

Showing 50 of 133 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2013-3609?
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function.
How severe is CVE-2013-3609?
Severity scoring for CVE-2013-3609 is pending analysis. The EPSS model estimates a 5.31% probability of exploitation in the next 30 days.
How do I fix CVE-2013-3609?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST