Vulnerability CVE-2013-3609


Published: 2013-09-07   Modified: 2013-09-08

Description:
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function.

Type:

CWE-20

(Improper Input Validation)

Vendor: Supermicro
Product: H8dg6-f 
Product: X8dtu-ln4f+ 
Product: X9drd-ef 
Product: X9drt-hf+ 
Product: H8dcl-6f 
Product: X8dtn+-f-lr 
Product: X9dr7-ln4f-jbod 
Product: X9drl-if 
Product: X9srg-f 
Product: X7spt-df-d525+ 
Product: X9dbu-3f 
Product: X9drh-itf 
Product: X9scm-iif 
Product: X7spa-hf-d525 
Product: X9db3-tpf 
Product: X9drg-htf 
Product: X9scff-f 
Product: H8sml-7 
Product: X9dax-7tf 
Product: X9drff-it+ 
Product: X9qri-f+ 
Product: H8dgu-f 
Product: X8sit-f 
Product: X9drff-7g+ 
Product: X9drx+-f 
Product: H8dgi-f 
Product: X8si6-f 
Product: X9dre-ln4f 
Product: X9drt-ibqf 
Product: H8dct-hibqf 
Product: X8dtu-6f+-lr 
Product: X9drd-7jln4f 
Product: X9drt-h6f 
Product: X9sri-f 
Product: X8dtl-6f 
Product: X9dr3-f 
Product: X9dri-ln4f+ 
Product: X9srd-f 
Product: X7spe-hf 
Product: X9dbi-tpf 
Product: X9drh-7f 
Product: X9scl+-f 
Product: H8sml-i 
Product: X9dax-if-hft 
Product: X9drfr 
Product: X9sca-f 
Product: H8scm-f 
Product: X8siu-f 
Product: X9drff-7tg+ 
Product: X9qr7-tf+ 
Product: H8dgt-hibqf 
Product: X8sie-f 
Product: X9drff 
Product: X9drw-3tf+ 
Product: H8dct-ibqf 
Product: X8dtu-6tf+-lr 
Product: X9drd-7ln4f-jbod 
Product: X9drt-h6ibqf 
Product: X9srw-f 
Product: X8dtn+-f 
Product: X9dr7-ln4f 
Product: X9drl-ef 
Product: X9sre-f 
Product: X7spt-df-d525 
Product: X9dbl-if 
Product: X9drh-if 
Product: X9scm-f 
Product: X7spa-hf 
Product: X9db3-f 
Product: X9drg-hf+ 
Product: X9sce-f 
Product: H8sme-f 
Product: X9dax-7f-hft 
Product: X9drff-ig+ 
Product: X9qri-f 
Product: H8dgt-hlibqf 
Product: X8sil-f 
Product: X9drff-7+ 
Product: X9drw-itpf+ 
Product: H8dgg-qf 
Product: X8dtu-ln4f+-lr 
Product: X9drd-if 
Product: X9drt-ibff 
Product: H8dcl-if 
Product: X8dtu-6f+ 
Product: X9dr7-tf+ 
Product: X9drt-f 
Product: X9sri-3f 
Product: X8dtl-3f 
Product: X9dbu-if 
Product: X9dri-f 
Product: X9spu-f 
Product: X7spe-h-d525 
Product: X9dbi-f 
Product: X9drg-htf+ 
Product: X9sci-ln4f 
Product: H8sml-7f 
Product: X9dax-if 
Product: X9drff-itg+ 
Product: X9sbaa-f 

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.kb.cert.org/vuls/id/648646
http://www.securityfocus.com/bid/62098
http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013
https://support.citrix.com/article/CTX216642
https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf

Related CVE
CVE-2019-13131
Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE.
CVE-2018-13787
Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware.
CVE-2013-3623
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execu...
CVE-2013-3622
Buffer overflow in logout.cgi in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allows remote authenticated users to execute arbitrary code via the SID parameter.
CVE-2013-3608
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote...
CVE-2013-3607
Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*,...
CVE-2013-4782
The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

Copyright 2019, cxsecurity.com

 

Back to Top