CVE-2018-13787

Severity: Unknown | EPSS: 0.42%

CVE-2018-13787 is a vulnerability of currently unknown severity. Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware. EPSS estimates a 0.42% chance of exploitation in the next 30 days.

Description

Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware.

Metrics

EPSS Probability
0.42%

33.4th percentile

Probability of exploitation in the next 30 days.

Affected Software

Vendor | Product | Versions
Supermicro | X11ssz Firmware | All versions
Supermicro | X11ssv Firmware | All versions
Supermicro | X11ssql Firmware | All versions
Supermicro | X11ssq Firmware | All versions
Supermicro | X11ssn Firmware | All versions
Supermicro | X11srm Firmware | All versions
Supermicro | X11sra Firmware | All versions
Supermicro | X11sba Firmware | All versions
Supermicro | X11sat Firmware | All versions
Supermicro | X11sae M Firmware | All versions
Supermicro | X11sae Firmware | All versions
Supermicro | X10srw Firmware | All versions
Supermicro | X10srm Firmware | All versions
Supermicro | X10srl Firmware | All versions
Supermicro | X10sri Firmware | All versions
Supermicro | X10srh Firmware | All versions
Supermicro | X10srg Firmware | All versions
Supermicro | X10srd Firmware | All versions
Supermicro | X10sra Firmware | All versions
Supermicro | X10sdvt Firmware | All versions
Supermicro | X10sdvf Firmware | All versions
Supermicro | X10sde Firmware | All versions
Supermicro | X10sddf Firmware | All versions
Supermicro | X10sba Firmware | All versions
Supermicro | X10qrh Firmware | All versions
Supermicro | X10dsn Firmware | All versions
Supermicro | X10dscp Firmware | All versions
Supermicro | X10dsc Firmware | All versions
Supermicro | X10drx Firmware | All versions
Supermicro | X10drwn Firmware | All versions
Supermicro | X10drw Firmware | All versions
Supermicro | X10drux Firmware | All versions
Supermicro | X10drul Firmware | All versions
Supermicro | X10dru Firmware | All versions
Supermicro | X10drts Firmware | All versions
Supermicro | X10drtps Firmware | All versions
Supermicro | X10drtl Firmware | All versions
Supermicro | X10drth Firmware | All versions
Supermicro | X10drtb Firmware | All versions
Supermicro | X10drt Firmware | All versions
Supermicro | X10drs Firmware | All versions
Supermicro | X10drln Firmware | All versions
Supermicro | X10drlc Firmware | All versions
Supermicro | X10drl Firmware | All versions
Supermicro | X10dri1 Firmware | All versions
Supermicro | X10drh4 Firmware | All versions
Supermicro | X10drh Firmware | All versions
Supermicro | X10drgo Firmware | All versions
Supermicro | X10drgh Firmware | All versions
Supermicro | X10drg Firmware | All versions

Showing 50 of 110 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2018-13787?
Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware.
How severe is CVE-2018-13787?
Severity scoring for CVE-2018-13787 is pending analysis. The EPSS model estimates a 0.42% probability of exploitation in the next 30 days.
How do I fix CVE-2018-13787?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST