Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.
References
Link | Resource |
---|---|
http://support.citrix.com/article/CTX216642 | Third Party Advisory |
https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities | Third Party Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/89044 | Third Party Advisory VDB Entry |
https://support.citrix.com/article/CTX216642 | Third Party Advisory |
https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: certcc
Published: 2020-01-02T17:51:46
Updated: 2020-01-02T17:51:46
Reserved: 2013-05-21T00:00:00
Link: CVE-2013-3619
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-01-02T18:15:11.323
Modified: 2020-01-15T14:08:06.497
Link: CVE-2013-3619
JSON object: View
Redhat Information
No data.
CWE