CVE-2018-13787
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/07/2018
Last modified:
17/06/2026
Description
Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware.
Impact
Base Score 3.x
6.70
Severity 3.x
MEDIUM
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:supermicro:x11ssz_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:supermicro:x11ssz:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:supermicro:x11ssv_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:supermicro:x11ssv:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:supermicro:x11ssql_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:supermicro:x11ssql:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:supermicro:x11ssq_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:supermicro:x11ssq:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:supermicro:x11ssn_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:supermicro:x11ssn:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:supermicro:x11srm_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:supermicro:x11srm:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:supermicro:x11sra_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:supermicro:x11sra:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:supermicro:x11sba_firmware:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/
- https://www.bleepingcomputer.com/news/security/firmware-vulnerabilities-disclosed-in-supermicro-server-products/
- https://www.supermicro.com/support/security_Intel-SA-00088.cfm?pg=X10#tab
- https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/
- https://www.bleepingcomputer.com/news/security/firmware-vulnerabilities-disclosed-in-supermicro-server-products/
- https://www.supermicro.com/support/security_Intel-SA-00088.cfm?pg=X10#tab



