The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function.
History
21 Nov 2024, 01:53
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.kb.cert.org/vuls/id/648646 - US Government Resource | |
References | () http://www.securityfocus.com/bid/62098 - | |
References | () http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf - | |
References | () http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013 - | |
References | () https://support.citrix.com/article/CTX216642 - | |
References | () https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf - Exploit | |
Information
Published : 2013-09-08 03:17
Updated : 2024-11-21 01:53
NVD link : CVE-2013-3609
Mitre link : CVE-2013-3609
CVE.ORG link : CVE-2013-3609
Products Affected
supermicro
- x9drff-7tg\+
- x9drl-3f
- x9sre-3f
- x9dbl-3f
- x9dax-7f-hft
- x9scl\+-f
- x9sbaa-f
- x8dtu-6tf\+
- x8siu-f
- x9dri-ln4f\+
- x9drw-itpf\+
- x9drg-hf
- x9dr3-ln4f\+
- x9dax-7f
- h8dgt-hf
- h8sml-7f
- x9drff-ig\+
- x9drw-3ln4f\+
- x8dtu-6f\+-lr
- x9srg-f
- x9drh-7tf
- h8dgt-hibqf
- x9srl-f
- x9dax-itf
- h8sgl-f
- x8dtl-3f
- x9drff-7\+
- x9drd-7ln4f
- x9drt-ibff
- x9dbi-tpf
- x9dri-f
- x8sie-f
- x9db3-tpf
- x8sie-ln4f
- x9sci-ln4f
- x9spu-f
- x9dax-7tf
- x9drh-itf
- x7spa-hf-d525
- x9dr7-ln4f-jbod
- x9dr7-ln4f
- x9drt-hf\+
- x9sce-f
- x9dre-ln4f
- x8dtn\+-f
- x9scl-f
- h8scm-f
- x9drfr
- x9dax-if-hft
- x7spe-hf-d525
- x8dtn\+-f-lr
- x8dtl-if
- h8dcl-if
- x9drh-7f
- x9drff-it\+
- x9srd-f
- x9drd-7ln4f-jbod
- x9drh-if
- x9dax-if
- x9qri-f
- x9drff
- x7spe-h-d525
- h8dgu-ln4f\+
- x9drt-ibqf
- x9sca-f
- x9drx\+-f
- h8dgi-f
- h8sml-if
- h8dcl-6f
- x9drl-if
- h8dgu-f
- x9drt-h6ibff
- x9qri-f\+
- x9drw-7tpf\+
- x8sia-f
- x9drt-f
- x8dtu-ln4f\+
- x8sit-f
- x9scm-f
- h8sml-7
- x9drd-ef
- h8dgt-hlibqf
- x7spe-hf
- x9drff-7
- x8sit-hf
- x9dbl-if
- x9drt-h6f
- x9scm-iif
- x9qr7-tf\+
- x7spa-hf
- x9drg-htf
- x9sri-3f
- x9dr7-tf\+
- x7spt-df-d525
- x9dbi-f
- x7spt-df-d525\+
- x9drd-7jln4f
- x9drff-i\+
- x9drg-htf\+
- x9dbu-if
- x8dtu-ln4f\+-lr
- x9dre-tf\+
- x9sre-f
- x9dr3-f
- x8dtu-6tf\+-lr
- x9srw-f
- x9scff-f
- x9db3-f
- x8sil-f
- x9drff-7g\+
- x9qr7-tf
- h8dct-ibqf
- h8dgg-qf
- x8dtu-6f\+
- h8dgt-hlf
- h8sml-i
- x9drw-3tf\+
- x9qr7-tf-jbod
- x9drff-itg\+
- x9drt-h6ibqf
- h8sme-f
- x8si6-f
- x9drg-hf\+
- x9drl-ef
- x9drff-7t\+
- x8dtl-6f
- h8dct-hibqf
- x9scd-f
- x9sri-f
- h8dct-hln4f
- x9drd-if
- h8dg6-f
- x9dbu-3f
CWE
CWE-20
Improper Input Validation