CVE-2013-3619
Severity CVSS v4.0:
Pending analysis
Type:
CWE-798
Use of Hard-coded Credentials
Publication date:
02/01/2020
Last modified:
15/01/2020
Description
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.
Impact
Base Score 3.x
8.10
Severity 3.x
HIGH
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:supermicro:smt_x9_firmware:*:*:*:*:*:*:*:* | 3.15 (excluding) | |
| cpe:2.3:h:supermicro:sh7758:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:supermicro:smt_x8_firmware:*:*:*:*:*:*:*:* | 3.12 (excluding) | |
| cpe:2.3:h:supermicro:sh7757:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:citrix:netscaler_sdx_firmware:10:*:*:*:*:*:*:* | ||
| cpe:2.3:h:citrix:netscaler_sdx:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:citrix:netscaler_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:citrix:netscaler:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:citrix:netscaler_sd-wan_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:citrix:netscaler_sd-wan:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://support.citrix.com/article/CTX216642
- https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89044
- https://support.citrix.com/article/CTX216642
- https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf