CVE-2013-3608 - Vulnerability Details

The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Supermicro	H8dcl-6f H8dcl-if H8dct-hibqf H8dct-hln4f H8dct-ibqf H8dg6-f H8dgg-qf H8dgi-f H8dgt-hf H8dgt-hibqf H8dgt-hlf H8dgt-hlibqf H8dgu-f H8dgu-ln4f\+ H8scm-f H8sgl-f H8sme-f H8sml-7 H8sml-7f H8sml-i H8sml-if X7spa-hf X7spa-hf-d525 X7spe-h-d525 X7spe-hf X7spe-hf-d525 X7spt-df-d525 X7spt-df-d525\+ X8dtl-3f X8dtl-6f X8dtl-if X8dtn\+-f X8dtn\+-f-lr X8dtu-6f\+ X8dtu-6f\+-lr X8dtu-6tf\+ X8dtu-6tf\+-lr X8dtu-ln4f\+ X8dtu-ln4f\+-lr X8si6-f X8sia-f X8sie-f X8sie-ln4f X8sil-f X8sit-f X8sit-hf X8siu-f X9dax-7f X9dax-7f-hft X9dax-7tf X9dax-if X9dax-if-hft X9dax-itf X9db3-f X9db3-tpf X9dbi-f X9dbi-tpf X9dbl-3f X9dbl-if X9dbu-3f X9dbu-if X9dr3-f X9dr3-ln4f\+ X9dr7-ln4f X9dr7-ln4f-jbod X9dr7-tf\+ X9drd-7jln4f X9drd-7ln4f X9drd-7ln4f-jbod X9drd-ef X9drd-if X9dre-ln4f X9dre-tf\+ X9drff X9drff-7 X9drff-7\+ X9drff-7g\+ X9drff-7t\+ X9drff-7tg\+ X9drff-i\+ X9drff-ig\+ X9drff-it\+ X9drff-itg\+ X9drfr X9drg-hf X9drg-hf\+ X9drg-htf X9drg-htf\+ X9drh-7f X9drh-7tf X9drh-if X9drh-itf X9dri-f X9dri-ln4f\+ X9drl-3f X9drl-ef X9drl-if X9drt-f X9drt-h6f X9drt-h6ibff X9drt-h6ibqf X9drt-hf\+ X9drt-ibff X9drt-ibqf X9drw-3ln4f\+ X9drw-3tf\+ X9drw-7tpf\+ X9drw-itpf\+ X9drx\+-f X9qr7-tf X9qr7-tf-jbod X9qr7-tf\+ X9qri-f X9qri-f\+ X9sbaa-f X9sca-f X9scd-f X9sce-f X9scff-f X9sci-ln4f X9scl-f X9scl\+-f X9scm-f X9scm-iif X9spu-f X9srd-f X9sre-3f X9sre-f X9srg-f X9sri-3f X9sri-f X9srl-f X9srw-f

Configuration 1 [-]

OR	cpe:2.3:h:supermicro:h8dcl-6f:-:::::::*
	cpe:2.3:h:supermicro:h8dcl-if:-:::::::*
	cpe:2.3:h:supermicro:h8dct-hibqf:-:::::::*
	cpe:2.3:h:supermicro:h8dct-hln4f:-:::::::*
	cpe:2.3:h:supermicro:h8dct-ibqf:-:::::::*
	cpe:2.3:h:supermicro:h8dg6-f:-:::::::*
	cpe:2.3:h:supermicro:h8dgg-qf:-:::::::*
	cpe:2.3:h:supermicro:h8dgi-f:-:::::::*
	cpe:2.3:h:supermicro:h8dgt-hf:-:::::::*
	cpe:2.3:h:supermicro:h8dgt-hibqf:-:::::::*
	cpe:2.3:h:supermicro:h8dgt-hlf:-:::::::*
	cpe:2.3:h:supermicro:h8dgt-hlibqf:-:::::::*
	cpe:2.3:h:supermicro:h8dgu-f:-:::::::*
	cpe:2.3:h:supermicro:h8dgu-ln4f\+:-:::::::*
	cpe:2.3:h:supermicro:h8scm-f:-:::::::*
	cpe:2.3:h:supermicro:h8sgl-f:-:::::::*
	cpe:2.3:h:supermicro:h8sme-f:-:::::::*
	cpe:2.3:h:supermicro:h8sml-7:-:::::::*
	cpe:2.3:h:supermicro:h8sml-7f:-:::::::*
	cpe:2.3:h:supermicro:h8sml-i:-:::::::*
	cpe:2.3:h:supermicro:h8sml-if:-:::::::*
	cpe:2.3:h:supermicro:x7spa-hf:-:::::::*
	cpe:2.3:h:supermicro:x7spa-hf-d525:-:::::::*
	cpe:2.3:h:supermicro:x7spe-h-d525:-:::::::*
	cpe:2.3:h:supermicro:x7spe-hf:-:::::::*
	cpe:2.3:h:supermicro:x7spe-hf-d525:-:::::::*
	cpe:2.3:h:supermicro:x7spt-df-d525:-:::::::*
	cpe:2.3:h:supermicro:x7spt-df-d525\+:-:::::::*
	cpe:2.3:h:supermicro:x8dtl-3f:-:::::::*
	cpe:2.3:h:supermicro:x8dtl-6f:-:::::::*
	cpe:2.3:h:supermicro:x8dtl-if:-:::::::*
	cpe:2.3:h:supermicro:x8dtn\+-f:-:::::::*
	cpe:2.3:h:supermicro:x8dtn\+-f-lr:-:::::::*
	cpe:2.3:h:supermicro:x8dtu-6f\+:-:::::::*
	cpe:2.3:h:supermicro:x8dtu-6f\+-lr:-:::::::*
	cpe:2.3:h:supermicro:x8dtu-6tf\+:-:::::::*
	cpe:2.3:h:supermicro:x8dtu-6tf\+-lr:-:::::::*
	cpe:2.3:h:supermicro:x8dtu-ln4f\+:-:::::::*
	cpe:2.3:h:supermicro:x8dtu-ln4f\+-lr:-:::::::*
	cpe:2.3:h:supermicro:x8si6-f:-:::::::*
	cpe:2.3:h:supermicro:x8sia-f:-:::::::*
	cpe:2.3:h:supermicro:x8sie-f:-:::::::*
	cpe:2.3:h:supermicro:x8sie-ln4f:-:::::::*
	cpe:2.3:h:supermicro:x8sil-f:-:::::::*
	cpe:2.3:h:supermicro:x8sit-f:-:::::::*
	cpe:2.3:h:supermicro:x8sit-hf:-:::::::*
	cpe:2.3:h:supermicro:x8siu-f:-:::::::*
	cpe:2.3:h:supermicro:x9dax-7f:-:::::::*
	cpe:2.3:h:supermicro:x9dax-7f-hft:-:::::::*
	cpe:2.3:h:supermicro:x9dax-7tf:-:::::::*
	cpe:2.3:h:supermicro:x9dax-if:-:::::::*
	cpe:2.3:h:supermicro:x9dax-if-hft:-:::::::*
	cpe:2.3:h:supermicro:x9dax-itf:-:::::::*
	cpe:2.3:h:supermicro:x9db3-f:-:::::::*
	cpe:2.3:h:supermicro:x9db3-tpf:-:::::::*
	cpe:2.3:h:supermicro:x9dbi-f:-:::::::*
	cpe:2.3:h:supermicro:x9dbi-tpf:-:::::::*
	cpe:2.3:h:supermicro:x9dbl-3f:-:::::::*
	cpe:2.3:h:supermicro:x9dbl-if:-:::::::*
	cpe:2.3:h:supermicro:x9dbu-3f:-:::::::*
	cpe:2.3:h:supermicro:x9dbu-if:-:::::::*
	cpe:2.3:h:supermicro:x9dr3-f:-:::::::*
	cpe:2.3:h:supermicro:x9dr3-ln4f\+:-:::::::*
	cpe:2.3:h:supermicro:x9dr7-ln4f:-:::::::*
cpe:2.3:h:supermicro:x9dr7-ln4f-jbod:-:::::::*
cpe:2.3:h:supermicro:x9dr7-tf\+:-:::::::*
cpe:2.3:h:supermicro:x9drd-7jln4f:-:::::::*
cpe:2.3:h:supermicro:x9drd-7ln4f:-:::::::*
cpe:2.3:h:supermicro:x9drd-7ln4f-jbod:-:::::::*
cpe:2.3:h:supermicro:x9drd-ef:-:::::::*
cpe:2.3:h:supermicro:x9drd-if:-:::::::*
cpe:2.3:h:supermicro:x9dre-ln4f:-:::::::*
cpe:2.3:h:supermicro:x9dre-tf\+:-:::::::*
cpe:2.3:h:supermicro:x9drff:-:::::::*
cpe:2.3:h:supermicro:x9drff-7:-:::::::*
cpe:2.3:h:supermicro:x9drff-7\+:-:::::::*
cpe:2.3:h:supermicro:x9drff-7g\+:-:::::::*
cpe:2.3:h:supermicro:x9drff-7t\+:-:::::::*
cpe:2.3:h:supermicro:x9drff-7tg\+:-:::::::*
cpe:2.3:h:supermicro:x9drff-i\+:-:::::::*
cpe:2.3:h:supermicro:x9drff-ig\+:-:::::::*
cpe:2.3:h:supermicro:x9drff-it\+:-:::::::*
cpe:2.3:h:supermicro:x9drff-itg\+:-:::::::*
cpe:2.3:h:supermicro:x9drfr:-:::::::*
cpe:2.3:h:supermicro:x9drg-hf:-:::::::*
cpe:2.3:h:supermicro:x9drg-hf\+:-:::::::*
cpe:2.3:h:supermicro:x9drg-htf:-:::::::*
cpe:2.3:h:supermicro:x9drg-htf\+:-:::::::*
cpe:2.3:h:supermicro:x9drh-7f:-:::::::*
cpe:2.3:h:supermicro:x9drh-7tf:-:::::::*
cpe:2.3:h:supermicro:x9drh-if:-:::::::*
cpe:2.3:h:supermicro:x9drh-itf:-:::::::*
cpe:2.3:h:supermicro:x9dri-f:-:::::::*
cpe:2.3:h:supermicro:x9dri-ln4f\+:-:::::::*
cpe:2.3:h:supermicro:x9drl-3f:-:::::::*
cpe:2.3:h:supermicro:x9drl-ef:-:::::::*
cpe:2.3:h:supermicro:x9drl-if:-:::::::*
cpe:2.3:h:supermicro:x9drt-f:-:::::::*
cpe:2.3:h:supermicro:x9drt-h6f:-:::::::*
cpe:2.3:h:supermicro:x9drt-h6ibff:-:::::::*
cpe:2.3:h:supermicro:x9drt-h6ibqf:-:::::::*
cpe:2.3:h:supermicro:x9drt-hf\+:-:::::::*
cpe:2.3:h:supermicro:x9drt-ibff:-:::::::*
cpe:2.3:h:supermicro:x9drt-ibqf:-:::::::*
cpe:2.3:h:supermicro:x9drw-3ln4f\+:-:::::::*
cpe:2.3:h:supermicro:x9drw-3tf\+:-:::::::*
cpe:2.3:h:supermicro:x9drw-7tpf\+:-:::::::*
cpe:2.3:h:supermicro:x9drw-itpf\+:-:::::::*
cpe:2.3:h:supermicro:x9drx\+-f:-:::::::*
cpe:2.3:h:supermicro:x9qr7-tf:-:::::::*
cpe:2.3:h:supermicro:x9qr7-tf\+:-:::::::*
cpe:2.3:h:supermicro:x9qr7-tf-jbod:-:::::::*
cpe:2.3:h:supermicro:x9qri-f:-:::::::*
cpe:2.3:h:supermicro:x9qri-f\+:-:::::::*
cpe:2.3:h:supermicro:x9sbaa-f:-:::::::*
cpe:2.3:h:supermicro:x9sca-f:-:::::::*
cpe:2.3:h:supermicro:x9scd-f:-:::::::*
cpe:2.3:h:supermicro:x9sce-f:-:::::::*
cpe:2.3:h:supermicro:x9scff-f:-:::::::*
cpe:2.3:h:supermicro:x9sci-ln4f:-:::::::*
cpe:2.3:h:supermicro:x9scl\+-f:-:::::::*
cpe:2.3:h:supermicro:x9scl-f:-:::::::*
cpe:2.3:h:supermicro:x9scm-f:-:::::::*
cpe:2.3:h:supermicro:x9scm-iif:-:::::::*
cpe:2.3:h:supermicro:x9spu-f:-:::::::*
cpe:2.3:h:supermicro:x9srd-f:-:::::::*
cpe:2.3:h:supermicro:x9sre-3f:-:::::::*
cpe:2.3:h:supermicro:x9sre-f:-:::::::*
cpe:2.3:h:supermicro:x9srg-f:-:::::::*
cpe:2.3:h:supermicro:x9sri-3f:-:::::::*
cpe:2.3:h:supermicro:x9sri-f:-:::::::*
cpe:2.3:h:supermicro:x9srl-f:-:::::::*
cpe:2.3:h:supermicro:x9srw-f:-:::::::*

No data.

References

Link	Providers
http://www.kb.cert.org/vuls/id/648646
http://www.securityfocus.com/bid/62097
http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013
https://support.citrix.com/article/CTX216642
https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2013-09-08T01:00:00

Updated: 2024-08-06T16:14:56.542Z

Reserved: 2013-05-21T00:00:00

Link: CVE-2013-3608

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-09-08T03:17:39.587

Modified: 2024-11-21T01:53:58.773

Link: CVE-2013-3608

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object