CVE-2013-3609
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
08/09/2013
Last modified:
11/04/2025
Description
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:h:supermicro:h8dcl-6f:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:supermicro:h8dcl-if:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:supermicro:h8dct-hibqf:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:supermicro:h8dct-hln4f:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:supermicro:h8dct-ibqf:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:supermicro:h8dg6-f:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:supermicro:h8dgg-qf:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:supermicro:h8dgi-f:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:supermicro:h8dgt-hf:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:supermicro:h8dgt-hibqf:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:supermicro:h8dgt-hlf:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:supermicro:h8dgt-hlibqf:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:supermicro:h8dgu-f:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:supermicro:h8dgu-ln4f\+:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:supermicro:h8scm-f:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.kb.cert.org/vuls/id/648646
- http://www.securityfocus.com/bid/62098
- http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
- http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013
- https://support.citrix.com/article/CTX216642
- https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf
- http://www.kb.cert.org/vuls/id/648646
- http://www.securityfocus.com/bid/62098
- http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
- http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013
- https://support.citrix.com/article/CTX216642
- https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf