Vulnerability CVE-2018-13787


Published: 2018-07-09

Description:
Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware.

Type:

CWE-284

(Improper Access Control)

Vendor: Supermicro
Product: A2san firmware 
Product: X10dax firmware 
Product: X10drwn firmware 
Product: X8sil firmware 
Product: A1sa firmware 
Product: K1spes firmware 
Product: X10drts firmware 
Product: X11ssql firmware 
Product: C7z370l firmware 
Product: X10drt firmware 
Product: X11sba firmware 
Product: C7z270cg firmware 
Product: X10dri1 firmware 
Product: X10srm firmware 
Product: C7x99oc firmware 
Product: X10drg firmware 
Product: X10srd firmware 
Product: B1sa4 firmware 
Product: X10drd firmware 
Product: X10sddf firmware 
Product: X9drth firmware 
Product: A2sav firmware 
Product: X10ddw4 firmware 
Product: X10dsc firmware 
Product: X8siu firmware 
Product: A1sai firmware 
Product: X10dai firmware 
Product: X10drul firmware 
Product: X11ssz firmware 
Product: C7z97mf firmware 
Product: X10drth firmware 
Product: X11srm firmware 
Product: C7z270m firmware 
Product: X10drlc firmware 
Product: X11sae firmware 
Product: C7z170o firmware 
Product: X10drgo firmware 
Product: X10srh firmware 
Product: C7b250 firmware 
Product: X10drff firmware 
Product: X10sdvf firmware 
Product: B10dri firmware 
Product: X10ddwn firmware 
Product: X10dsn firmware 
Product: X9drf firmware 
Product: A1srm firmware 
Product: X10dali firmware 
Product: X10drw firmware 
Product: X8sie firmware 
Product: C9x299 firmware 
Product: X10drtps firmware 
Product: X11ssq firmware 
Product: C7z370i firmware 
Product: X10drs firmware 
Product: X11sat firmware 
Product: C7z270c firmware 
Product: X10drh firmware 
Product: X10srl firmware 
Product: C7q270 firmware 
Product: X10drfr firmware 
Product: X10sra firmware 
Product: B1dri firmware 
Product: X10drc firmware 
Product: X10sba firmware 
Product: X9drgqf firmware 
Product: A2sap firmware 
Product: X10ddw3 firmware 
Product: X10drx firmware 
Product: X8sit firmware 
Product: A1sai1 firmware 
Product: K1spi firmware 
Product: X10dru firmware 
Product: X11ssv firmware 
Product: C7z87oc firmware 
Product: X10drtb firmware 
Product: X11sra firmware 
Product: C7z270l firmware 
Product: X10drl firmware 
Product: X10srw firmware 
Product: C7z170 firmware 
Product: X10drgh firmware 
Product: X10srg firmware 
Product: B1sd2tf firmware 
Product: X10drdl firmware 
Product: X10sde firmware 
Product: X9sae firmware 
Product: B10drg firmware 
Product: X10ddwi firmware 
Product: X10dscp firmware 
Product: X9dbl firmware 
Product: A1sam firmware 
Product: X10dal firmware 
Product: X10drux firmware 
Product: X8sia firmware 
Product: C7z97oc firmware 
Product: X10drtl firmware 
Product: X11ssn firmware 
Product: C7z270p firmware 
Product: X10drln firmware 
Product: X11sae m firmware 

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/
https://www.bleepingcomputer.com/news/security/firmware-vulnerabilities-disclosed-in-supermicro-server-products/
https://www.supermicro.com/support/security_Intel-SA-00088.cfm?pg=X10#tab

Related CVE
CVE-2013-3623
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execu...
CVE-2013-3622
Buffer overflow in logout.cgi in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allows remote authenticated users to execute arbitrary code via the SID parameter.
CVE-2013-3609
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on Jav...
CVE-2013-3608
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote...
CVE-2013-3607
Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*,...
CVE-2013-4782
The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

Copyright 2018, cxsecurity.com

 

Back to Top