CVE-2013-3607 - OpenCVE

Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Supermicro	X9dax-if X8dtl-6f X9drh-if X9drd-if X7spe-hf H8dcl-6f X9dre-tf\+ X9sbaa-f X9drd-7ln4f H8dgt-hibqf H8dct-hibqf X7spa-hf-d525 X9dax-7f X8dtl-3f H8sml-if X8dtu-6f\+-lr X9drd-ef X9scm-f X8dtu-6f\+ X9dbu-3f H8dgu-f X7spt-df-d525\+ X9qr7-tf\+ X8sit-hf X8sit-f H8dgt-hlibqf X9dr3-ln4f\+ X8sil-f X9drl-3f X9sri-3f X8dtu-6tf\+ X9srg-f X9dax-itf X9drff-7t\+ X9drh-itf H8dgt-hf X8si6-f X9dbl-if X9drff-itg\+ X9dax-7tf X8dtu-ln4f\+ X9dbi-tpf H8dgu-ln4f\+ X9sri-f X7spt-df-d525 H8dgt-hlf X8dtn\+-f X9drd-7ln4f-jbod X9drff-7g\+ X9srw-f H8sml-7 H8dct-ibqf X9dr7-ln4f-jbod X8sie-ln4f X9drl-ef X9dre-ln4f X7spe-hf-d525 X9drh-7tf H8sgl-f X9dri-f X7spa-hf X9qri-f X9dax-7f-hft X9dax-if-hft X9scl\+-f X9drl-if X9drw-7tpf\+ X7spe-h-d525 X9drff-it\+ X9drd-7jln4f X8sia-f X9drw-3tf\+ X9drg-hf X9sce-f X9drt-h6ibff X9srd-f X9dbi-f X9drff-ig\+ X9dbu-if X9drg-htf X8siu-f X9drff-7tg\+ H8dg6-f X9drff-i\+ X9dr3-f X9drt-f X9qr7-tf-jbod X8dtl-if X9drx\+-f X9dr7-tf\+ X9drt-h6f X9scd-f X9dbl-3f X9drw-3ln4f\+ X9drff H8dct-hln4f H8sml-i X9dr7-ln4f X9db3-f X9qri-f\+ H8dgg-qf H8dcl-if H8dgi-f X9drt-ibqf H8sme-f X8dtu-ln4f\+-lr X9srl-f H8sml-7f X9drg-htf\+ X9drg-hf\+ X9sci-ln4f X9sre-f X9drh-7f X9drt-hf\+ X9qr7-tf X8dtu-6tf\+-lr X9drw-itpf\+ X9drfr X9drt-h6ibqf X9scm-iif X9drff-7 X9drt-ibff X9db3-tpf X9scl-f X9spu-f X9scff-f X9sca-f X9drff-7\+ X8dtn\+-f-lr X9sre-3f X8sie-f H8scm-f X9dri-ln4f\+

Configuration 1 [-]

OR	cpe:2.3:h:supermicro:h8dcl-6f:-:::::::*
	cpe:2.3:h:supermicro:h8dcl-if:-:::::::*
	cpe:2.3:h:supermicro:h8dct-hibqf:-:::::::*
	cpe:2.3:h:supermicro:h8dct-hln4f:-:::::::*
	cpe:2.3:h:supermicro:h8dct-ibqf:-:::::::*
	cpe:2.3:h:supermicro:h8dg6-f:-:::::::*
	cpe:2.3:h:supermicro:h8dgg-qf:-:::::::*
	cpe:2.3:h:supermicro:h8dgi-f:-:::::::*
	cpe:2.3:h:supermicro:h8dgt-hf:-:::::::*
	cpe:2.3:h:supermicro:h8dgt-hibqf:-:::::::*
	cpe:2.3:h:supermicro:h8dgt-hlf:-:::::::*
	cpe:2.3:h:supermicro:h8dgt-hlibqf:-:::::::*
	cpe:2.3:h:supermicro:h8dgu-f:-:::::::*
	cpe:2.3:h:supermicro:h8dgu-ln4f\+:-:::::::*
	cpe:2.3:h:supermicro:h8scm-f:-:::::::*
	cpe:2.3:h:supermicro:h8sgl-f:-:::::::*
	cpe:2.3:h:supermicro:h8sme-f:-:::::::*
	cpe:2.3:h:supermicro:h8sml-7:-:::::::*
	cpe:2.3:h:supermicro:h8sml-7f:-:::::::*
	cpe:2.3:h:supermicro:h8sml-i:-:::::::*
	cpe:2.3:h:supermicro:h8sml-if:-:::::::*
	cpe:2.3:h:supermicro:x7spa-hf:-:::::::*
	cpe:2.3:h:supermicro:x7spa-hf-d525:-:::::::*
	cpe:2.3:h:supermicro:x7spe-h-d525:-:::::::*
	cpe:2.3:h:supermicro:x7spe-hf:-:::::::*
	cpe:2.3:h:supermicro:x7spe-hf-d525:-:::::::*
	cpe:2.3:h:supermicro:x7spt-df-d525:-:::::::*
	cpe:2.3:h:supermicro:x7spt-df-d525\+:-:::::::*
	cpe:2.3:h:supermicro:x8dtl-3f:-:::::::*
	cpe:2.3:h:supermicro:x8dtl-6f:-:::::::*
	cpe:2.3:h:supermicro:x8dtl-if:-:::::::*
	cpe:2.3:h:supermicro:x8dtn\+-f:-:::::::*
	cpe:2.3:h:supermicro:x8dtn\+-f-lr:-:::::::*
	cpe:2.3:h:supermicro:x8dtu-6f\+:-:::::::*
	cpe:2.3:h:supermicro:x8dtu-6f\+-lr:-:::::::*
	cpe:2.3:h:supermicro:x8dtu-6tf\+:-:::::::*
	cpe:2.3:h:supermicro:x8dtu-6tf\+-lr:-:::::::*
	cpe:2.3:h:supermicro:x8dtu-ln4f\+:-:::::::*
	cpe:2.3:h:supermicro:x8dtu-ln4f\+-lr:-:::::::*
	cpe:2.3:h:supermicro:x8si6-f:-:::::::*
	cpe:2.3:h:supermicro:x8sia-f:-:::::::*
	cpe:2.3:h:supermicro:x8sie-f:-:::::::*
	cpe:2.3:h:supermicro:x8sie-ln4f:-:::::::*
	cpe:2.3:h:supermicro:x8sil-f:-:::::::*
	cpe:2.3:h:supermicro:x8sit-f:-:::::::*
	cpe:2.3:h:supermicro:x8sit-hf:-:::::::*
	cpe:2.3:h:supermicro:x8siu-f:-:::::::*
	cpe:2.3:h:supermicro:x9dax-7f:-:::::::*
	cpe:2.3:h:supermicro:x9dax-7f-hft:-:::::::*
	cpe:2.3:h:supermicro:x9dax-7tf:-:::::::*
	cpe:2.3:h:supermicro:x9dax-if:-:::::::*
	cpe:2.3:h:supermicro:x9dax-if-hft:-:::::::*
	cpe:2.3:h:supermicro:x9dax-itf:-:::::::*
	cpe:2.3:h:supermicro:x9db3-f:-:::::::*
	cpe:2.3:h:supermicro:x9db3-tpf:-:::::::*
	cpe:2.3:h:supermicro:x9dbi-f:-:::::::*
	cpe:2.3:h:supermicro:x9dbi-tpf:-:::::::*
	cpe:2.3:h:supermicro:x9dbl-3f:-:::::::*
	cpe:2.3:h:supermicro:x9dbl-if:-:::::::*
	cpe:2.3:h:supermicro:x9dbu-3f:-:::::::*
	cpe:2.3:h:supermicro:x9dbu-if:-:::::::*
	cpe:2.3:h:supermicro:x9dr3-f:-:::::::*
	cpe:2.3:h:supermicro:x9dr3-ln4f\+:-:::::::*
	cpe:2.3:h:supermicro:x9dr7-ln4f:-:::::::*
cpe:2.3:h:supermicro:x9dr7-ln4f-jbod:-:::::::*
cpe:2.3:h:supermicro:x9dr7-tf\+:-:::::::*
cpe:2.3:h:supermicro:x9drd-7jln4f:-:::::::*
cpe:2.3:h:supermicro:x9drd-7ln4f:-:::::::*
cpe:2.3:h:supermicro:x9drd-7ln4f-jbod:-:::::::*
cpe:2.3:h:supermicro:x9drd-ef:-:::::::*
cpe:2.3:h:supermicro:x9drd-if:-:::::::*
cpe:2.3:h:supermicro:x9dre-ln4f:-:::::::*
cpe:2.3:h:supermicro:x9dre-tf\+:-:::::::*
cpe:2.3:h:supermicro:x9drff:-:::::::*
cpe:2.3:h:supermicro:x9drff-7:-:::::::*
cpe:2.3:h:supermicro:x9drff-7\+:-:::::::*
cpe:2.3:h:supermicro:x9drff-7g\+:-:::::::*
cpe:2.3:h:supermicro:x9drff-7t\+:-:::::::*
cpe:2.3:h:supermicro:x9drff-7tg\+:-:::::::*
cpe:2.3:h:supermicro:x9drff-i\+:-:::::::*
cpe:2.3:h:supermicro:x9drff-ig\+:-:::::::*
cpe:2.3:h:supermicro:x9drff-it\+:-:::::::*
cpe:2.3:h:supermicro:x9drff-itg\+:-:::::::*
cpe:2.3:h:supermicro:x9drfr:-:::::::*
cpe:2.3:h:supermicro:x9drg-hf:-:::::::*
cpe:2.3:h:supermicro:x9drg-hf\+:-:::::::*
cpe:2.3:h:supermicro:x9drg-htf:-:::::::*
cpe:2.3:h:supermicro:x9drg-htf\+:-:::::::*
cpe:2.3:h:supermicro:x9drh-7f:-:::::::*
cpe:2.3:h:supermicro:x9drh-7tf:-:::::::*
cpe:2.3:h:supermicro:x9drh-if:-:::::::*
cpe:2.3:h:supermicro:x9drh-itf:-:::::::*
cpe:2.3:h:supermicro:x9dri-f:-:::::::*
cpe:2.3:h:supermicro:x9dri-ln4f\+:-:::::::*
cpe:2.3:h:supermicro:x9drl-3f:-:::::::*
cpe:2.3:h:supermicro:x9drl-ef:-:::::::*
cpe:2.3:h:supermicro:x9drl-if:-:::::::*
cpe:2.3:h:supermicro:x9drt-f:-:::::::*
cpe:2.3:h:supermicro:x9drt-h6f:-:::::::*
cpe:2.3:h:supermicro:x9drt-h6ibff:-:::::::*
cpe:2.3:h:supermicro:x9drt-h6ibqf:-:::::::*
cpe:2.3:h:supermicro:x9drt-hf\+:-:::::::*
cpe:2.3:h:supermicro:x9drt-ibff:-:::::::*
cpe:2.3:h:supermicro:x9drt-ibqf:-:::::::*
cpe:2.3:h:supermicro:x9drw-3ln4f\+:-:::::::*
cpe:2.3:h:supermicro:x9drw-3tf\+:-:::::::*
cpe:2.3:h:supermicro:x9drw-7tpf\+:-:::::::*
cpe:2.3:h:supermicro:x9drw-itpf\+:-:::::::*
cpe:2.3:h:supermicro:x9drx\+-f:-:::::::*
cpe:2.3:h:supermicro:x9qr7-tf:-:::::::*
cpe:2.3:h:supermicro:x9qr7-tf\+:-:::::::*
cpe:2.3:h:supermicro:x9qr7-tf-jbod:-:::::::*
cpe:2.3:h:supermicro:x9qri-f:-:::::::*
cpe:2.3:h:supermicro:x9qri-f\+:-:::::::*
cpe:2.3:h:supermicro:x9sbaa-f:-:::::::*
cpe:2.3:h:supermicro:x9sca-f:-:::::::*
cpe:2.3:h:supermicro:x9scd-f:-:::::::*
cpe:2.3:h:supermicro:x9sce-f:-:::::::*
cpe:2.3:h:supermicro:x9scff-f:-:::::::*
cpe:2.3:h:supermicro:x9sci-ln4f:-:::::::*
cpe:2.3:h:supermicro:x9scl\+-f:-:::::::*
cpe:2.3:h:supermicro:x9scl-f:-:::::::*
cpe:2.3:h:supermicro:x9scm-f:-:::::::*
cpe:2.3:h:supermicro:x9scm-iif:-:::::::*
cpe:2.3:h:supermicro:x9spu-f:-:::::::*
cpe:2.3:h:supermicro:x9srd-f:-:::::::*
cpe:2.3:h:supermicro:x9sre-3f:-:::::::*
cpe:2.3:h:supermicro:x9sre-f:-:::::::*
cpe:2.3:h:supermicro:x9srg-f:-:::::::*
cpe:2.3:h:supermicro:x9sri-3f:-:::::::*
cpe:2.3:h:supermicro:x9sri-f:-:::::::*
cpe:2.3:h:supermicro:x9srl-f:-:::::::*
cpe:2.3:h:supermicro:x9srw-f:-:::::::*

References

Link	Resource
http://www.kb.cert.org/vuls/id/648646	US Government Resource
http://www.securityfocus.com/bid/62094
http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013
https://support.citrix.com/article/CTX216642
https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf	Exploit