Vulnerability CVE-2013-3609


Published: 2013-09-07   Modified: 2013-09-08

Description:
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Supermicro -> X9sre-f 
Supermicro -> H8sgl-f 
Supermicro -> X8dtn+-f 
Supermicro -> X9dax-7f 
Supermicro -> X9dr7-ln4f 
Supermicro -> X9drff-i+ 
Supermicro -> X9drl-ef 
Supermicro -> X9qr7-tf-jbod 
Supermicro -> X9srg-f 
Supermicro -> H8dcl-6f 
Supermicro -> H8sme-f 
Supermicro -> X8dtn+-f-lr 
Supermicro -> X9dax-7f-hft 
Supermicro -> X9dr7-ln4f-jbod 
Supermicro -> X9drff-ig+ 
Supermicro -> X9drl-if 
Supermicro -> X9qri-f 
Supermicro -> X9sri-3f 
Supermicro -> H8dcl-if 
Supermicro -> H8sml-7 
Supermicro -> X8dtu-6f+ 
Supermicro -> X9dax-7tf 
Supermicro -> X9dr7-tf+ 
Supermicro -> X9drff-it+ 
Supermicro -> X9drt-f 
Supermicro -> X9qri-f+ 
Supermicro -> X9sri-f 
Supermicro -> H8dct-hibqf 
Supermicro -> H8sml-7f 
Supermicro -> X8dtu-6f+-lr 
Supermicro -> X9dax-if 
Supermicro -> X9drd-7jln4f 
Supermicro -> X9drff-itg+ 
Supermicro -> X9drt-h6f 
Supermicro -> X9sbaa-f 
Supermicro -> X9srl-f 
Supermicro -> H8dct-hln4f 
Supermicro -> H8sml-i 
Supermicro -> X8dtu-6tf+ 
Supermicro -> X9dax-if-hft 
Supermicro -> X9drd-7ln4f 
Supermicro -> X9drfr 
Supermicro -> X9drt-h6ibff 
Supermicro -> X9sca-f 
Supermicro -> X9srw-f 
Supermicro -> H8dct-ibqf 
Supermicro -> H8sml-if 
Supermicro -> X8dtu-6tf+-lr 
Supermicro -> X9dax-itf 
Supermicro -> X9drd-7ln4f-jbod 
Supermicro -> X9drg-hf 
Supermicro -> X9drt-h6ibqf 
Supermicro -> X9scd-f 
Supermicro -> H8dg6-f 
Supermicro -> X7spa-hf 
Supermicro -> X8dtu-ln4f+ 
Supermicro -> X9db3-f 
Supermicro -> X9drd-ef 
Supermicro -> X9drg-hf+ 
Supermicro -> X9drt-hf+ 
Supermicro -> X9sce-f 
Supermicro -> H8dgg-qf 
Supermicro -> X7spa-hf-d525 
Supermicro -> X8dtu-ln4f+-lr 
Supermicro -> X9db3-tpf 
Supermicro -> X9drd-if 
Supermicro -> X9drg-htf 
Supermicro -> X9drt-ibff 
Supermicro -> X9scff-f 
Supermicro -> H8dgi-f 
Supermicro -> X7spe-h-d525 
Supermicro -> X8si6-f 
Supermicro -> X9dbi-f 
Supermicro -> X9dre-ln4f 
Supermicro -> X9drg-htf+ 
Supermicro -> X9drt-ibqf 
Supermicro -> X9sci-ln4f 
Supermicro -> H8dgt-hf 
Supermicro -> X7spe-hf 
Supermicro -> X8sia-f 
Supermicro -> X9dbi-tpf 
Supermicro -> X9dre-tf+ 
Supermicro -> X9drh-7f 
Supermicro -> X9drw-3ln4f+ 
Supermicro -> X9scl+-f 
Supermicro -> X9scl-f 
Supermicro -> H8dgt-hibqf 
Supermicro -> X7spe-hf-d525 
Supermicro -> X8sie-f 
Supermicro -> X9dbl-3f 
Supermicro -> X9drff 
Supermicro -> X9drh-7tf 
Supermicro -> X9drw-3tf+ 
Supermicro -> X9scm-f 
Supermicro -> H8dgt-hlf 
Supermicro -> X7spt-df-d525 
Supermicro -> X8sie-ln4f 
Supermicro -> X9dbl-if 
Supermicro -> X9drff-7 
Supermicro -> X9drh-if 

 References:
http://www.kb.cert.org/vuls/id/648646
http://www.securityfocus.com/bid/62098
http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013
https://support.citrix.com/article/CTX216642
https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf

Copyright 2024, cxsecurity.com

 

Back to Top