Vulnerability CVE-2018-13787


Published: 2018-07-09

Description:
Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware.

Type:

CWE-noinfo

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10

Exploit range: Local
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
Supermicro -> C7h270 firmware 
Supermicro -> C9x299 firmware 
Supermicro -> X10drfg firmware 
Supermicro -> X10drtps firmware 
Supermicro -> X10sdvt firmware 
Supermicro -> X11ssq firmware 
Supermicro -> A1sa firmware 
Supermicro -> C7q270 firmware 
Supermicro -> K1spes firmware 
Supermicro -> X10drfr firmware 
Supermicro -> X10drts firmware 
Supermicro -> X10sra firmware 
Supermicro -> X11ssql firmware 
Supermicro -> A1sai1 firmware 
Supermicro -> C7x99oc firmware 
Supermicro -> K1spi firmware 
Supermicro -> X10drg firmware 
Supermicro -> X10dru firmware 
Supermicro -> X10srd firmware 
Supermicro -> X11ssv firmware 
Supermicro -> A1sai firmware 
Supermicro -> C7z170 firmware 
Supermicro -> X10dai firmware 
Supermicro -> X10drgh firmware 
Supermicro -> X10drul firmware 
Supermicro -> X10srg firmware 
Supermicro -> X11ssz firmware 
Supermicro -> A1sam firmware 
Supermicro -> C7z170o firmware 
Supermicro -> X10dal firmware 
Supermicro -> X10drgo firmware 
Supermicro -> X10drux firmware 
Supermicro -> X10srh firmware 
Supermicro -> X8sia firmware 
Supermicro -> A1srm firmware 
Supermicro -> C7z170oce firmware 
Supermicro -> X10dali firmware 
Supermicro -> X10drh4 firmware 
Supermicro -> X10drw firmware 
Supermicro -> X10sri firmware 
Supermicro -> X8sie firmware 
Supermicro -> A2san firmware 
Supermicro -> C7z270c firmware 
Supermicro -> X10dax firmware 
Supermicro -> X10drh firmware 
Supermicro -> X10drwn firmware 
Supermicro -> X10srl firmware 
Supermicro -> X8sil firmware 
Supermicro -> A2sap firmware 
Supermicro -> C7z270cg firmware 
Supermicro -> X10ddw3 firmware 
Supermicro -> X10dri1 firmware 
Supermicro -> X10drx firmware 
Supermicro -> X10srm firmware 
Supermicro -> X8sit firmware 
Supermicro -> A2sav firmware 
Supermicro -> C7z270l firmware 
Supermicro -> X10ddw4 firmware 
Supermicro -> X10drl firmware 
Supermicro -> X10dsc firmware 
Supermicro -> X10srw firmware 
Supermicro -> X8siu firmware 
Supermicro -> B10drg firmware 
Supermicro -> C7z270m firmware 
Supermicro -> X10ddwi firmware 
Supermicro -> X10drlc firmware 
Supermicro -> X10dscp firmware 
Supermicro -> X11sae firmware 
Supermicro -> X9dbl firmware 
Supermicro -> B10dri firmware 
Supermicro -> C7z270p firmware 
Supermicro -> X10ddwn firmware 
Supermicro -> X10drln firmware 
Supermicro -> X10dsn firmware 
Supermicro -> X11sae m firmware 
Supermicro -> X9drf firmware 
Supermicro -> B10drt firmware 
Supermicro -> C7z370i firmware 
Supermicro -> X10dgo firmware 
Supermicro -> X10drs firmware 
Supermicro -> X10qrh firmware 
Supermicro -> X11sat firmware 
Supermicro -> X9drffp firmware 
Supermicro -> B1dri firmware 
Supermicro -> C7z370l firmware 
Supermicro -> X10drc firmware 
Supermicro -> X10drt firmware 
Supermicro -> X10sba firmware 
Supermicro -> X11sba firmware 
Supermicro -> X9drgqf firmware 
Supermicro -> B1sa4 firmware 
Supermicro -> C7z87oc firmware 
Supermicro -> X10drd firmware 
Supermicro -> X10drtb firmware 
Supermicro -> X10sddf firmware 
Supermicro -> X11sra firmware 
Supermicro -> X9drth firmware 
Supermicro -> B1sd2tf firmware 
Supermicro -> C7z97mf firmware 
Supermicro -> X10drdl firmware 

References:
https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/
https://www.bleepingcomputer.com/news/security/firmware-vulnerabilities-disclosed-in-supermicro-server-products/
https://www.supermicro.com/support/security_Intel-SA-00088.cfm?pg=X10#tab

Copyright 2024, cxsecurity.com
