var-201312-0075
Vulnerability from variot
Buffer overflow in logout.cgi in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allows remote authenticated users to execute arbitrary code via the SID parameter. Supermicro IPMI is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers may be able to execute arbitrary code with root privileges in the context of the affected firmware. Failed exploit attempts will likely result in denial-of-service conditions. Supermicro IPMI running firmware versions prior to SMT_X9_315 are vulnerable. Supermicro Intelligent Platform Management Interface (IPMI) is an IPMI card (Intelligent Platform Management Interface) of Supermicro, which can remotely control the system, such as remote booting, entering BIOS, etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0075",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "intelligent platform management",
"scope": "eq",
"trust": 1.6,
"vendor": "supermicro",
"version": "2.24"
},
{
"model": "intelligent platform management",
"scope": "lte",
"trust": 1.0,
"vendor": "supermicro",
"version": "2.26"
},
{
"model": "intelligent platform management interface",
"scope": "lt",
"trust": 0.8,
"vendor": "super micro computer",
"version": "3.15 (smt_x9_315)"
},
{
"model": "intelligent platform management",
"scope": "eq",
"trust": 0.6,
"vendor": "supermicro",
"version": "2.26"
},
{
"model": "micro computer supermicro ipmi smt x9 226",
"scope": null,
"trust": 0.3,
"vendor": "super",
"version": null
},
{
"model": "micro computer supermicro ipmi smt x9 224",
"scope": null,
"trust": 0.3,
"vendor": "super",
"version": null
},
{
"model": "micro computer supermicro ipmi smt x9 315",
"scope": "ne",
"trust": 0.3,
"vendor": "super",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "64259"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005498"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-172"
},
{
"db": "NVD",
"id": "CVE-2013-3622"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:supermicro:intelligent_platform_management_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005498"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HD Moore of Rapid7",
"sources": [
{
"db": "BID",
"id": "64259"
}
],
"trust": 0.3
},
"cve": "CVE-2013-3622",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2013-3622",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-63624",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3622",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-3622",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201312-172",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-63624",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2013-3622",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63624"
},
{
"db": "VULMON",
"id": "CVE-2013-3622"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005498"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-172"
},
{
"db": "NVD",
"id": "CVE-2013-3622"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in logout.cgi in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allows remote authenticated users to execute arbitrary code via the SID parameter. Supermicro IPMI is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nAttackers may be able to execute arbitrary code with root privileges in the context of the affected firmware. Failed exploit attempts will likely result in denial-of-service conditions. \nSupermicro IPMI running firmware versions prior to SMT_X9_315 are vulnerable. Supermicro Intelligent Platform Management Interface (IPMI) is an IPMI card (Intelligent Platform Management Interface) of Supermicro, which can remotely control the system, such as remote booting, entering BIOS, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3622"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005498"
},
{
"db": "BID",
"id": "64259"
},
{
"db": "VULHUB",
"id": "VHN-63624"
},
{
"db": "VULMON",
"id": "CVE-2013-3622"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3622",
"trust": 2.9
},
{
"db": "BID",
"id": "64259",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005498",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201312-172",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-63624",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2013-3622",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63624"
},
{
"db": "VULMON",
"id": "CVE-2013-3622"
},
{
"db": "BID",
"id": "64259"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005498"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-172"
},
{
"db": "NVD",
"id": "CVE-2013-3622"
}
]
},
"id": "VAR-201312-0075",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-63624"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:35:18.455000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.supermicro.com.tw/index_home.cfm"
},
{
"title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-3622"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005498"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63624"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005498"
},
{
"db": "NVD",
"id": "CVE-2013-3622"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://community.rapid7.com/community/metasploit/blog/2013/11/06/supermicro-ipmi-firmware-vulnerabilities"
},
{
"trust": 1.6,
"url": "https://support.citrix.com/article/ctx216642"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/64259"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3622"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3622"
},
{
"trust": 0.3,
"url": "http://www.supermicro.com/support/bios/firmware0.aspx"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63624"
},
{
"db": "VULMON",
"id": "CVE-2013-3622"
},
{
"db": "BID",
"id": "64259"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005498"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-172"
},
{
"db": "NVD",
"id": "CVE-2013-3622"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-63624"
},
{
"db": "VULMON",
"id": "CVE-2013-3622"
},
{
"db": "BID",
"id": "64259"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005498"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-172"
},
{
"db": "NVD",
"id": "CVE-2013-3622"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-10T00:00:00",
"db": "VULHUB",
"id": "VHN-63624"
},
{
"date": "2013-12-10T00:00:00",
"db": "VULMON",
"id": "CVE-2013-3622"
},
{
"date": "2013-11-06T00:00:00",
"db": "BID",
"id": "64259"
},
{
"date": "2013-12-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005498"
},
{
"date": "2013-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-172"
},
{
"date": "2013-12-10T16:11:18.210000",
"db": "NVD",
"id": "CVE-2013-3622"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-63624"
},
{
"date": "2017-11-15T00:00:00",
"db": "VULMON",
"id": "CVE-2013-3622"
},
{
"date": "2013-11-06T00:00:00",
"db": "BID",
"id": "64259"
},
{
"date": "2013-12-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005498"
},
{
"date": "2013-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-172"
},
{
"date": "2024-11-21T01:54:00.247000",
"db": "NVD",
"id": "CVE-2013-3622"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-172"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SuperMicro of X9 Run on generation motherboard IPMI Vulnerabilities that allow arbitrary code to be executed in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005498"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-172"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.