Vulnerability Details : CVE-2013-3623
Public exploit exists!
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2013-3623
- Supermicro » Intelligent Platform Management Firmware » For X9 Generation Motherboards. Versions up to and including (<=) 2.26
  cpe:2.3:o:supermicro:intelligent_platform_management_firmware:*:-:-:*:-:-:x9_generation_motherboards:*
- Supermicro » Intelligent Platform Management Firmware » Version: 2.24 For X9 Generation Motherboards
  cpe:2.3:o:supermicro:intelligent_platform_management_firmware:2.24:-:-:*:-:-:x9_generation_motherboards:*
Exploit prediction scoring system (EPSS) score for CVE-2013-3623
96.15%: probability of exploitation activity in the next 30 days
~ 100%: percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2013-3623
- Supermicro Onboard IPMI close_window.cgi Buffer Overflow
  Disclosure Date: 2013-11-06. First seen: 2020-04-26. Module: exploit/linux/http/smt_ipmi_close_window_bof
  This module exploits a buffer overflow on the Supermicro Onboard IPMI controller web interface. The vulnerability exists on the close_window.cgi CGI application, and is due to the insecure usage of strcpy. In order to get a session, the module will execute system() f
- Supermicro Onboard IPMI CGI Vulnerability Scanner
  Disclosure Date: 2013-11-06. First seen: 2020-04-26. Module: auxiliary/scanner/http/smt_ipmi_cgi_scanner
  This module checks for known vulnerabilities in the CGI applications of Supermicro Onboard IPMI controllers. These issues currently include several unauthenticated buffer overflows in the login.cgi and close_window.cgi components.
  Authors: hdm <x@hdm.io>
CVSS scores for CVE-2013-3623
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2013-3623
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3623
- https://community.rapid7.com/community/metasploit/blog/2013/11/06/supermicro-ipmi-firmware-vulnerabilities
  Supermicro IPMI Firmware Vulnerabilities (Exploit)
- http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013
  Supermicro IPMI Security Updates November 2013 - Thomas-Krenn-Wiki
- http://www.securityfocus.com/bid/63775
  Supermicro IPMI 'close_window.cgi' Multiple Buffer Overflow Vulnerabilities
- http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
  Vendor Advisory
- https://support.citrix.com/article/CTX216642
  Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware
- http://www.exploit-db.com/exploits/29666
  Supermicro Onboard IPMI - 'close_window.cgi' Remote Buffer Overflow (Metasploit) - Hardware remote Exploit (Exploit)