var-201312-0076
Vulnerability from variot
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter. Supermicro IPMI is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. Attackers may be able to execute arbitrary code in the context of the affected firmware. Failed exploit attempts will likely result in denial-of-service conditions. Supermicro IPMI running firmware version SMT_X9_226 is vulnerable. Supermicro Intelligent Platform Management Interface (IPMI) is an IPMI card (Intelligent Platform Management Interface) of Supermicro, which can remotely control the system, such as remote booting, entering BIOS, etc. ##
This module requires Metasploit: https://metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework
require 'uri'
class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report
def initialize(info = {}) super(update_info(info, 'Name' => 'Supermicro Onboard IPMI CGI Vulnerability Scanner', 'Description' => %q{ This module checks for known vulnerabilities in the CGI applications of Supermicro Onboard IPMI controllers. These issues currently include several unauthenticated buffer overflows in the login.cgi and close_window.cgi components. }, 'Author' => [ 'hdm', # Discovery and analysis 'juan vazquez' # Metasploit module ], 'License' => MSF_LICENSE, 'References' => [ [ 'CVE', '2013-3621' ], [ 'CVE', '2013-3623' ], [ 'URL', 'https://www.rapid7.com/blog/post/2013/11/06/supermicro-ipmi-firmware-vulnerabilities/'] ], 'DisclosureDate' => '2013-11-06'))
end
def is_supermicro? res = send_request_cgi( { "uri" => "/", "method" => "GET" })
if res and res.code == 200 and res.body.to_s =~ /ATEN International Co Ltd\./
return true
else
return false
end
end
def send_close_window_request(sess) res = send_request_cgi({ 'method' => 'POST', 'uri' => "/cgi/close_window.cgi", 'encode_params' => false, 'vars_post' => { 'sess_sid' => sess } })
return res
end
def check_close_window safe_check = Rex::Text.rand_text_alpha(20) trigger_check = Rex::Text.rand_text_alpha(132)
res = send_close_window_request(safe_check)
unless res and res.code == 200 and res.body.to_s =~ /Can't find action/
return false
end
res = send_close_window_request(trigger_check)
unless res and res.code == 500
return false
end
return true
end
def send_login_request(name) res = send_request_cgi({ 'method' => 'POST', 'uri' => "/cgi/login.cgi", 'encode_params' => false, 'vars_post' => { 'name' => name, 'pwd' => Rex::Text.rand_text_alpha(4) } })
return res
end
def check_login safe_check = Rex::Text.rand_text_alpha(20) trigger_check = Rex::Text.rand_text_alpha(300)
res = send_login_request(safe_check)
unless res and res.code == 200 and res.body.to_s =~ /ATEN International Co Ltd\./ and res.body.to_s =~ /top\.location\.href = location\.href/
return false
end
res = send_login_request(trigger_check)
unless res and res.code == 500
return false
end
return true
end
def run_host(ip) vprint_status("Checking if it's a Supermicro IPMI web interface...") if is_supermicro? vprint_good("Supermicro IPMI web interface found") else vprint_error("Supermicro IPMI web interface not found") return end
vprint_status("Checking CVE-2013-3621 (login.gi Buffer Overflow) ...")
result = check_login
if result
print_good("Vulnerable to CVE-2013-3621 (login.cgi Buffer Overflow)")
report_vuln({
:host => rhost,
:port => rport,
:proto => 'tcp',
:name => "Supermicro Onboard IPMI login.cgi Buffer Overflow",
:refs => self.references.select do |ref| ref.ctx_val == "2013-3621" end
})
end
vprint_status("Checking CVE-2013-3623 (close_window.gi Buffer Overflow) ...")
result = check_close_window
if result
print_good("Vulnerable to CVE-2013-3623 (close_window.cgi Buffer Overflow)")
report_vuln({
:host => rhost,
:port => rport,
:proto => 'tcp',
:name => "Supermicro Onboard IPMI close_window.cgi Buffer Overflow",
:refs => self.references.select { |ref| ref.ctx_val == "2013-3623" }
})
end
end end
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0076",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "intelligent platform management",
"scope": "eq",
"trust": 1.6,
"vendor": "supermicro",
"version": "2.24"
},
{
"model": "intelligent platform management",
"scope": "lte",
"trust": 1.0,
"vendor": "supermicro",
"version": "2.26"
},
{
"model": "intelligent platform management interface",
"scope": "lt",
"trust": 0.8,
"vendor": "super micro computer",
"version": "3.15 (smt_x9_315)"
},
{
"model": "intelligent platform management",
"scope": "eq",
"trust": 0.6,
"vendor": "supermicro",
"version": "2.26"
},
{
"model": "micro computer supermicro ipmi smt x9 226",
"scope": null,
"trust": 0.3,
"vendor": "super",
"version": null
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "micro computer supermicro ipmi smt x9 315",
"scope": "ne",
"trust": 0.3,
"vendor": "super",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "63775"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005499"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-393"
},
{
"db": "NVD",
"id": "CVE-2013-3623"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:supermicro:intelligent_platform_management_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005499"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HD Moore of Rapid7",
"sources": [
{
"db": "BID",
"id": "63775"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-393"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3623",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-3623",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-63625",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3623",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-3623",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201311-393",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-63625",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2013-3623",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63625"
},
{
"db": "VULMON",
"id": "CVE-2013-3623"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005499"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-393"
},
{
"db": "NVD",
"id": "CVE-2013-3623"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter. Supermicro IPMI is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. \nAttackers may be able to execute arbitrary code in the context of the affected firmware. Failed exploit attempts will likely result in denial-of-service conditions. \nSupermicro IPMI running firmware version SMT_X9_226 is vulnerable. Supermicro Intelligent Platform Management Interface (IPMI) is an IPMI card (Intelligent Platform Management Interface) of Supermicro, which can remotely control the system, such as remote booting, entering BIOS, etc. ##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire \u0027uri\u0027\n\nclass MetasploitModule \u003c Msf::Auxiliary\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Scanner\n include Msf::Auxiliary::Report\n\n def initialize(info = {})\n super(update_info(info,\n \u0027Name\u0027 =\u003e \u0027Supermicro Onboard IPMI CGI Vulnerability Scanner\u0027,\n \u0027Description\u0027 =\u003e %q{\n This module checks for known vulnerabilities in the CGI applications of\n Supermicro Onboard IPMI controllers. These issues currently include\n several unauthenticated buffer overflows in the login.cgi and close_window.cgi\n components. \n },\n \u0027Author\u0027 =\u003e\n [\n \u0027hdm\u0027, # Discovery and analysis\n \u0027juan vazquez\u0027 # Metasploit module\n ],\n \u0027License\u0027 =\u003e MSF_LICENSE,\n \u0027References\u0027 =\u003e\n [\n [ \u0027CVE\u0027, \u00272013-3621\u0027 ],\n [ \u0027CVE\u0027, \u00272013-3623\u0027 ],\n [ \u0027URL\u0027, \u0027https://www.rapid7.com/blog/post/2013/11/06/supermicro-ipmi-firmware-vulnerabilities/\u0027]\n ],\n \u0027DisclosureDate\u0027 =\u003e \u00272013-11-06\u0027))\n\n end\n\n def is_supermicro?\n res = send_request_cgi(\n {\n \"uri\" =\u003e \"/\",\n \"method\" =\u003e \"GET\"\n })\n\n if res and res.code == 200 and res.body.to_s =~ /ATEN International Co Ltd\\./\n return true\n else\n return false\n end\n end\n\n def send_close_window_request(sess)\n res = send_request_cgi({\n \u0027method\u0027 =\u003e \u0027POST\u0027,\n \u0027uri\u0027 =\u003e \"/cgi/close_window.cgi\",\n \u0027encode_params\u0027 =\u003e false,\n \u0027vars_post\u0027 =\u003e {\n \u0027sess_sid\u0027 =\u003e sess\n }\n })\n\n return res\n end\n\n def check_close_window\n safe_check = Rex::Text.rand_text_alpha(20)\n trigger_check = Rex::Text.rand_text_alpha(132)\n\n res = send_close_window_request(safe_check)\n\n unless res and res.code == 200 and res.body.to_s =~ /Can\u0027t find action/\n return false\n end\n\n res = send_close_window_request(trigger_check)\n\n unless res and res.code == 500\n return false\n end\n\n return true\n end\n\n def send_login_request(name)\n res = send_request_cgi({\n \u0027method\u0027 =\u003e \u0027POST\u0027,\n \u0027uri\u0027 =\u003e \"/cgi/login.cgi\",\n \u0027encode_params\u0027 =\u003e false,\n \u0027vars_post\u0027 =\u003e {\n \u0027name\u0027 =\u003e name,\n \u0027pwd\u0027 =\u003e Rex::Text.rand_text_alpha(4)\n }\n })\n\n return res\n end\n\n\n def check_login\n safe_check = Rex::Text.rand_text_alpha(20)\n trigger_check = Rex::Text.rand_text_alpha(300)\n\n res = send_login_request(safe_check)\n\n unless res and res.code == 200 and res.body.to_s =~ /ATEN International Co Ltd\\./ and res.body.to_s =~ /top\\.location\\.href = location\\.href/\n return false\n end\n\n res = send_login_request(trigger_check)\n\n unless res and res.code == 500\n return false\n end\n\n return true\n end\n\n\n def run_host(ip)\n vprint_status(\"Checking if it\u0027s a Supermicro IPMI web interface...\")\n if is_supermicro?\n vprint_good(\"Supermicro IPMI web interface found\")\n else\n vprint_error(\"Supermicro IPMI web interface not found\")\n return\n end\n\n vprint_status(\"Checking CVE-2013-3621 (login.gi Buffer Overflow) ...\")\n result = check_login\n if result\n print_good(\"Vulnerable to CVE-2013-3621 (login.cgi Buffer Overflow)\")\n report_vuln({\n :host =\u003e rhost,\n :port =\u003e rport,\n :proto =\u003e \u0027tcp\u0027,\n :name =\u003e \"Supermicro Onboard IPMI login.cgi Buffer Overflow\",\n :refs =\u003e self.references.select do |ref| ref.ctx_val == \"2013-3621\" end\n })\n end\n\n vprint_status(\"Checking CVE-2013-3623 (close_window.gi Buffer Overflow) ...\")\n result = check_close_window\n if result\n print_good(\"Vulnerable to CVE-2013-3623 (close_window.cgi Buffer Overflow)\")\n report_vuln({\n :host =\u003e rhost,\n :port =\u003e rport,\n :proto =\u003e \u0027tcp\u0027,\n :name =\u003e \"Supermicro Onboard IPMI close_window.cgi Buffer Overflow\",\n :refs =\u003e self.references.select { |ref| ref.ctx_val == \"2013-3623\" }\n })\n end\n\n end\nend\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3623"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005499"
},
{
"db": "BID",
"id": "63775"
},
{
"db": "VULHUB",
"id": "VHN-63625"
},
{
"db": "VULMON",
"id": "CVE-2013-3623"
},
{
"db": "PACKETSTORM",
"id": "181154"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-63625",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=29666",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63625"
},
{
"db": "VULMON",
"id": "CVE-2013-3623"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3623",
"trust": 3.0
},
{
"db": "BID",
"id": "63775",
"trust": 2.1
},
{
"db": "EXPLOIT-DB",
"id": "29666",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005499",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201311-393",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "124046",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-83154",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-63625",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2013-3623",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "181154",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63625"
},
{
"db": "VULMON",
"id": "CVE-2013-3623"
},
{
"db": "BID",
"id": "63775"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005499"
},
{
"db": "PACKETSTORM",
"id": "181154"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-393"
},
{
"db": "NVD",
"id": "CVE-2013-3623"
}
]
},
"id": "VAR-201312-0076",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-63625"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:49:33.165000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.supermicro.com.tw/index_home.cfm"
},
{
"title": "Firmware Fixes to Common Vulnerabilities and Exposures",
"trust": 0.8,
"url": "http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf"
},
{
"title": "SMT_X9_315",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47394"
},
{
"title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-3623"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005499"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-393"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63625"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005499"
},
{
"db": "NVD",
"id": "CVE-2013-3623"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://community.rapid7.com/community/metasploit/blog/2013/11/06/supermicro-ipmi-firmware-vulnerabilities"
},
{
"trust": 2.6,
"url": "http://www.thomas-krenn.com/en/wiki/supermicro_ipmi_security_updates_november_2013"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/63775"
},
{
"trust": 1.8,
"url": "http://www.supermicro.com/products/nfo/files/ipmi/cve_update.pdf"
},
{
"trust": 1.8,
"url": "http://www.exploit-db.com/exploits/29666"
},
{
"trust": 1.5,
"url": "https://support.citrix.com/article/ctx216642"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3623"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3623"
},
{
"trust": 0.3,
"url": "http://www.supermicro.com/support/bios/firmware0.aspx"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/29666/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34571"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/modules/exploit/linux/http/smt_ipmi_close_window_bof"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3623"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3621"
},
{
"trust": 0.1,
"url": "https://github.com/rapid7/metasploit-framework"
},
{
"trust": 0.1,
"url": "https://metasploit.com/download"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/blog/post/2013/11/06/supermicro-ipmi-firmware-vulnerabilities/\u0027]"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63625"
},
{
"db": "VULMON",
"id": "CVE-2013-3623"
},
{
"db": "BID",
"id": "63775"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005499"
},
{
"db": "PACKETSTORM",
"id": "181154"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-393"
},
{
"db": "NVD",
"id": "CVE-2013-3623"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-63625"
},
{
"db": "VULMON",
"id": "CVE-2013-3623"
},
{
"db": "BID",
"id": "63775"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005499"
},
{
"db": "PACKETSTORM",
"id": "181154"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-393"
},
{
"db": "NVD",
"id": "CVE-2013-3623"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-10T00:00:00",
"db": "VULHUB",
"id": "VHN-63625"
},
{
"date": "2013-12-10T00:00:00",
"db": "VULMON",
"id": "CVE-2013-3623"
},
{
"date": "2013-11-06T00:00:00",
"db": "BID",
"id": "63775"
},
{
"date": "2013-12-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005499"
},
{
"date": "2024-09-01T16:45:29",
"db": "PACKETSTORM",
"id": "181154"
},
{
"date": "2013-11-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-393"
},
{
"date": "2013-12-10T16:11:18.697000",
"db": "NVD",
"id": "CVE-2013-3623"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-63625"
},
{
"date": "2017-11-15T00:00:00",
"db": "VULMON",
"id": "CVE-2013-3623"
},
{
"date": "2016-09-09T17:00:00",
"db": "BID",
"id": "63775"
},
{
"date": "2013-12-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005499"
},
{
"date": "2013-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-393"
},
{
"date": "2024-11-21T01:54:00.367000",
"db": "NVD",
"id": "CVE-2013-3623"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-393"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SuperMicro of X9 Run on generation motherboard IPMI Stack-based buffer overflow vulnerability in FW firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005499"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-393"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.