CVE-2013-6785 - OpenCVE

Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Supermicro	Intelligent Platform Management Interface

Configuration 1 [-]

cpe:2.3:a:supermicro:intelligent_platform_management_interface:*:*:*:*:*:*:*:*

References

Link	Resource
https://blog.rapid7.com/2013/11/06/supermicro-ipmi-firmware-vulnerabilities/	Not Applicable
https://www.tenable.com/cve/CVE-2013-6785	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-23T14:16:52

Updated: 2020-01-23T14:16:52

Reserved: 2013-11-12T00:00:00

Link: CVE-2013-6785

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-23T15:15:12.757

Modified: 2020-02-04T20:27:06.137

Link: CVE-2013-6785

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:supermicro:intelligent_platform_management_interface:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BAAA3BA-9F26-4DCD-9F28-53C419625394", "versionEndExcluding": "smt_x9_315", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter."}, {"lang": "es", "value": "La vulnerabilidad de salto de directorio en el archivo url_redirect.cgi en Supermicro IPMI versiones anteriores a SMT_X9_315, permite a atacantes autenticados leer archivos arbitrarios por medio del par\u00e1metro url_name."}], "id": "CVE-2013-6785", "lastModified": "2020-02-04T20:27:06.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-23T15:15:12.757", "references": [{"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://blog.rapid7.com/2013/11/06/supermicro-ipmi-firmware-vulnerabilities/"}, {"source": "nvd@nist.gov", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/cve/CVE-2013-6785"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}