CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2013-3608

The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi.
Publish Date : 2013-09-07 Last Update Date : 2013-12-13

- CVSS Scores & Vulnerability Types

CVSS Score 10.0
Confidentiality Impact Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit.)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Execute Code
CWE ID 20

- Products Affected By CVE-2013-3608

# Product Type Vendor Product Version Update Edition Language
1 Hardware Supermicro H8dcl-6f -
2 Hardware Supermicro H8dcl-if -
3 Hardware Supermicro H8dct-hibqf -
4 Hardware Supermicro H8dct-hln4f -
5 Hardware Supermicro H8dct-ibqf -
6 Hardware Supermicro H8dg6-f -
7 Hardware Supermicro H8dgg-qf -
8 Hardware Supermicro H8dgi-f -
9 Hardware Supermicro H8dgt-hf -
10 Hardware Supermicro H8dgt-hibqf -
11 Hardware Supermicro H8dgt-hlf -
12 Hardware Supermicro H8dgt-hlibqf -
13 Hardware Supermicro H8dgu-f -
14 Hardware Supermicro H8dgu-ln4f+ -
15 Hardware Supermicro H8scm-f -
16 Hardware Supermicro H8sgl-f -
17 Hardware Supermicro H8sme-f -
18 Hardware Supermicro H8sml-7 -
19 Hardware Supermicro H8sml-7f -
20 Hardware Supermicro H8sml-i -
21 Hardware Supermicro H8sml-if -
22 Hardware Supermicro X7spa-hf -
23 Hardware Supermicro X7spa-hf-d525 -
24 Hardware Supermicro X7spe-h-d525 -
25 Hardware Supermicro X7spe-hf -
26 Hardware Supermicro X7spe-hf-d525 -
27 Hardware Supermicro X7spt-df-d525 -
28 Hardware Supermicro X7spt-df-d525+ -
29 Hardware Supermicro X8dtl-3f -
30 Hardware Supermicro X8dtl-6f -
31 Hardware Supermicro X8dtl-if -
32 Hardware Supermicro X8dtn+-f -
33 Hardware Supermicro X8dtn+-f-lr -
34 Hardware Supermicro X8dtu-6f+ -
35 Hardware Supermicro X8dtu-6f+-lr -
36 Hardware Supermicro X8dtu-6tf+ -
37 Hardware Supermicro X8dtu-6tf+-lr -
38 Hardware Supermicro X8dtu-ln4f+ -
39 Hardware Supermicro X8dtu-ln4f+-lr -
40 Hardware Supermicro X8si6-f -
41 Hardware Supermicro X8sia-f -
42 Hardware Supermicro X8sie-f -
43 Hardware Supermicro X8sie-ln4f -
44 Hardware Supermicro X8sil-f -
45 Hardware Supermicro X8sit-f -
46 Hardware Supermicro X8sit-hf -
47 Hardware Supermicro X8siu-f -
48 Hardware Supermicro X9dax-7f -
49 Hardware Supermicro X9dax-7f-hft -
50 Hardware Supermicro X9dax-7tf -
51 Hardware Supermicro X9dax-if -
52 Hardware Supermicro X9dax-if-hft -
53 Hardware Supermicro X9dax-itf -
54 Hardware Supermicro X9db3-f -
55 Hardware Supermicro X9db3-tpf -
56 Hardware Supermicro X9dbi-f -
57 Hardware Supermicro X9dbi-tpf -
58 Hardware Supermicro X9dbl-3f -
59 Hardware Supermicro X9dbl-if -
60 Hardware Supermicro X9dbu-3f -
61 Hardware Supermicro X9dbu-if -
62 Hardware Supermicro X9dr3-f -
63 Hardware Supermicro X9dr3-ln4f+ -
64 Hardware Supermicro X9dr7-ln4f -
65 Hardware Supermicro X9dr7-ln4f-jbod -
66 Hardware Supermicro X9dr7-tf+ -
67 Hardware Supermicro X9drd-7jln4f -
68 Hardware Supermicro X9drd-7ln4f -
69 Hardware Supermicro X9drd-7ln4f-jbod -
70 Hardware Supermicro X9drd-ef -
71 Hardware Supermicro X9drd-if -
72 Hardware Supermicro X9dre-ln4f -
73 Hardware Supermicro X9dre-tf+ -
74 Hardware Supermicro X9drff -
75 Hardware Supermicro X9drff-7 -
76 Hardware Supermicro X9drff-7+ -
77 Hardware Supermicro X9drff-7g+ -
78 Hardware Supermicro X9drff-7t+ -
79 Hardware Supermicro X9drff-7tg+ -
80 Hardware Supermicro X9drff-i+ -
81 Hardware Supermicro X9drff-ig+ -
82 Hardware Supermicro X9drff-it+ -
83 Hardware Supermicro X9drff-itg+ -
84 Hardware Supermicro X9drfr -
85 Hardware Supermicro X9drg-hf -
86 Hardware Supermicro X9drg-hf+ -
87 Hardware Supermicro X9drg-htf -
88 Hardware Supermicro X9drg-htf+ -
89 Hardware Supermicro X9drh-7f -
90 Hardware Supermicro X9drh-7tf -
91 Hardware Supermicro X9drh-if -
92 Hardware Supermicro X9drh-itf -
93 Hardware Supermicro X9dri-f -
94 Hardware Supermicro X9dri-ln4f+ -
95 Hardware Supermicro X9drl-3f -
96 Hardware Supermicro X9drl-ef -
97 Hardware Supermicro X9drl-if -
98 Hardware Supermicro X9drt-f -
99 Hardware Supermicro X9drt-h6f -
100 Hardware Supermicro X9drt-h6ibff -
101 Hardware Supermicro X9drt-h6ibqf -
102 Hardware Supermicro X9drt-hf+ -
103 Hardware Supermicro X9drt-ibff -
104 Hardware Supermicro X9drt-ibqf -
105 Hardware Supermicro X9drw-3ln4f+ -
106 Hardware Supermicro X9drw-3tf+ -
107 Hardware Supermicro X9drw-7tpf+ -
108 Hardware Supermicro X9drw-itpf+ -
109 Hardware Supermicro X9drx+-f -
110 Hardware Supermicro X9qr7-tf -
111 Hardware Supermicro X9qr7-tf+ -
112 Hardware Supermicro X9qr7-tf-jbod -
113 Hardware Supermicro X9qri-f -
114 Hardware Supermicro X9qri-f+ -
115 Hardware Supermicro X9sbaa-f -
116 Hardware Supermicro X9sca-f -
117 Hardware Supermicro X9scd-f -
118 Hardware Supermicro X9sce-f -
119 Hardware Supermicro X9scff-f -
120 Hardware Supermicro X9sci-ln4f -
121 Hardware Supermicro X9scl+-f -
122 Hardware Supermicro X9scl-f -
123 Hardware Supermicro X9scm-f -
124 Hardware Supermicro X9scm-iif -
125 Hardware Supermicro X9spu-f -
126 Hardware Supermicro X9srd-f -
127 Hardware Supermicro X9sre-3f -
128 Hardware Supermicro X9sre-f -
129 Hardware Supermicro X9srg-f -
130 Hardware Supermicro X9sri-3f -
131 Hardware Supermicro X9sri-f -
132 Hardware Supermicro X9srl-f -
133 Hardware Supermicro X9srw-f -

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Supermicro H8dcl-6f 1
Supermicro H8dcl-if 1
Supermicro H8dct-hibqf 1
Supermicro H8dct-hln4f 1
Supermicro H8dct-ibqf 1
Supermicro H8dg6-f 1
Supermicro H8dgg-qf 1
Supermicro H8dgi-f 1
Supermicro H8dgt-hf 1
Supermicro H8dgt-hibqf 1
Supermicro H8dgt-hlf 1
Supermicro H8dgt-hlibqf 1
Supermicro H8dgu-f 1
Supermicro H8dgu-ln4f+ 1
Supermicro H8scm-f 1
Supermicro H8sgl-f 1
Supermicro H8sme-f 1
Supermicro H8sml-7 1
Supermicro H8sml-7f 1
Supermicro H8sml-i 1
Supermicro H8sml-if 1
Supermicro X7spa-hf 1
Supermicro X7spa-hf-d525 1
Supermicro X7spe-h-d525 1
Supermicro X7spe-hf 1
Supermicro X7spe-hf-d525 1
Supermicro X7spt-df-d525 1
Supermicro X7spt-df-d525+ 1
Supermicro X8dtl-3f 1
Supermicro X8dtl-6f 1
Supermicro X8dtl-if 1
Supermicro X8dtn+-f 1
Supermicro X8dtn+-f-lr 1
Supermicro X8dtu-6f+ 1
Supermicro X8dtu-6f+-lr 1
Supermicro X8dtu-6tf+ 1
Supermicro X8dtu-6tf+-lr 1
Supermicro X8dtu-ln4f+ 1
Supermicro X8dtu-ln4f+-lr 1
Supermicro X8si6-f 1
Supermicro X8sia-f 1
Supermicro X8sie-f 1
Supermicro X8sie-ln4f 1
Supermicro X8sil-f 1
Supermicro X8sit-f 1
Supermicro X8sit-hf 1
Supermicro X8siu-f 1
Supermicro X9dax-7f 1
Supermicro X9dax-7f-hft 1
Supermicro X9dax-7tf 1
Supermicro X9dax-if 1
Supermicro X9dax-if-hft 1
Supermicro X9dax-itf 1
Supermicro X9db3-f 1
Supermicro X9db3-tpf 1
Supermicro X9dbi-f 1
Supermicro X9dbi-tpf 1
Supermicro X9dbl-3f 1
Supermicro X9dbl-if 1
Supermicro X9dbu-3f 1
Supermicro X9dbu-if 1
Supermicro X9dr3-f 1
Supermicro X9dr3-ln4f+ 1
Supermicro X9dr7-ln4f 1
Supermicro X9dr7-ln4f-jbod 1
Supermicro X9dr7-tf+ 1
Supermicro X9drd-7jln4f 1
Supermicro X9drd-7ln4f 1
Supermicro X9drd-7ln4f-jbod 1
Supermicro X9drd-ef 1
Supermicro X9drd-if 1
Supermicro X9dre-ln4f 1
Supermicro X9dre-tf+ 1
Supermicro X9drff 1
Supermicro X9drff-7 1
Supermicro X9drff-7+ 1
Supermicro X9drff-7g+ 1
Supermicro X9drff-7t+ 1
Supermicro X9drff-7tg+ 1
Supermicro X9drff-i+ 1
Supermicro X9drff-ig+ 1
Supermicro X9drff-it+ 1
Supermicro X9drff-itg+ 1
Supermicro X9drfr 1
Supermicro X9drg-hf 1
Supermicro X9drg-hf+ 1
Supermicro X9drg-htf 1
Supermicro X9drg-htf+ 1
Supermicro X9drh-7f 1
Supermicro X9drh-7tf 1
Supermicro X9drh-if 1
Supermicro X9drh-itf 1
Supermicro X9dri-f 1
Supermicro X9dri-ln4f+ 1
Supermicro X9drl-3f 1
Supermicro X9drl-ef 1
Supermicro X9drl-if 1
Supermicro X9drt-f 1
Supermicro X9drt-h6f 1
Supermicro X9drt-h6ibff 1
Supermicro X9drt-h6ibqf 1
Supermicro X9drt-hf+ 1
Supermicro X9drt-ibff 1
Supermicro X9drt-ibqf 1
Supermicro X9drw-3ln4f+ 1
Supermicro X9drw-3tf+ 1
Supermicro X9drw-7tpf+ 1
Supermicro X9drw-itpf+ 1
Supermicro X9drx+-f 1
Supermicro X9qr7-tf 1
Supermicro X9qr7-tf+ 1
Supermicro X9qr7-tf-jbod 1
Supermicro X9qri-f 1
Supermicro X9qri-f+ 1
Supermicro X9sbaa-f 1
Supermicro X9sca-f 1
Supermicro X9scd-f 1
Supermicro X9sce-f 1
Supermicro X9scff-f 1
Supermicro X9sci-ln4f 1
Supermicro X9scl+-f 1
Supermicro X9scl-f 1
Supermicro X9scm-f 1
Supermicro X9scm-iif 1
Supermicro X9spu-f 1
Supermicro X9srd-f 1
Supermicro X9sre-3f 1
Supermicro X9sre-f 1
Supermicro X9srg-f 1
Supermicro X9sri-3f 1
Supermicro X9sri-f 1
Supermicro X9srl-f 1
Supermicro X9srw-f 1

- References For CVE-2013-3608

http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf CONFIRM
http://www.kb.cert.org/vuls/id/648646 CERT-VN VU#648646
https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf
http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013

- Metasploit Modules Related To CVE-2013-3608

There are no Metasploit modules related to this vulnerability. (Please visit www.metasploit.com for more information.)

