CVE-2013-3609
Summary
| CVE | CVE-2013-3609 |
|---|---|
| State | PUBLISHED |
| Assigner | certcc |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-09-08 03:17:39 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:L/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Supermicro | H8dcl-6f | - | All | All | All |
| Hardware | Supermicro | H8dcl-if | - | All | All | All |
| Hardware | Supermicro | H8dct-hibqf | - | All | All | All |
| Hardware | Supermicro | H8dct-hln4f | - | All | All | All |
| Hardware | Supermicro | H8dct-ibqf | - | All | All | All |
| Hardware | Supermicro | H8dg6-f | - | All | All | All |
| Hardware | Supermicro | H8dgg-qf | - | All | All | All |
| Hardware | Supermicro | H8dgi-f | - | All | All | All |
| Hardware | Supermicro | H8dgt-hf | - | All | All | All |
| Hardware | Supermicro | H8dgt-hibqf | - | All | All | All |
| Hardware | Supermicro | H8dgt-hlf | - | All | All | All |
| Hardware | Supermicro | H8dgt-hlibqf | - | All | All | All |
| Hardware | Supermicro | H8dgu-f | - | All | All | All |
| Hardware | Supermicro | H8dgu-ln4f | - | All | All | All |
| Hardware | Supermicro | H8scm-f | - | All | All | All |
| Hardware | Supermicro | H8sgl-f | - | All | All | All |
| Hardware | Supermicro | H8sme-f | - | All | All | All |
| Hardware | Supermicro | H8sml-7 | - | All | All | All |
| Hardware | Supermicro | H8sml-7f | - | All | All | All |
| Hardware | Supermicro | H8sml-i | - | All | All | All |
| Hardware | Supermicro | H8sml-if | - | All | All | All |
| Hardware | Supermicro | X7spa-hf | - | All | All | All |
| Hardware | Supermicro | X7spa-hf-d525 | - | All | All | All |
| Hardware | Supermicro | X7spe-h-d525 | - | All | All | All |
| Hardware | Supermicro | X7spe-hf | - | All | All | All |
| Hardware | Supermicro | X7spe-hf-d525 | - | All | All | All |
| Hardware | Supermicro | X7spt-df-d525 | - | All | All | All |
| Hardware | Supermicro | X7spt-df-d525 | - | All | All | All |
| Hardware | Supermicro | X8dtl-3f | - | All | All | All |
| Hardware | Supermicro | X8dtl-6f | - | All | All | All |
| Hardware | Supermicro | X8dtl-if | - | All | All | All |
| Hardware | Supermicro | X8dtn -f | - | All | All | All |
| Hardware | Supermicro | X8dtn -f-lr | - | All | All | All |
| Hardware | Supermicro | X8dtu-6f | - | All | All | All |
| Hardware | Supermicro | X8dtu-6f -lr | - | All | All | All |
| Hardware | Supermicro | X8dtu-6tf | - | All | All | All |
| Hardware | Supermicro | X8dtu-6tf -lr | - | All | All | All |
| Hardware | Supermicro | X8dtu-ln4f | - | All | All | All |
| Hardware | Supermicro | X8dtu-ln4f -lr | - | All | All | All |
| Hardware | Supermicro | X8si6-f | - | All | All | All |
| Hardware | Supermicro | X8sia-f | - | All | All | All |
| Hardware | Supermicro | X8sie-f | - | All | All | All |
| Hardware | Supermicro | X8sie-ln4f | - | All | All | All |
| Hardware | Supermicro | X8sil-f | - | All | All | All |
| Hardware | Supermicro | X8sit-f | - | All | All | All |
| Hardware | Supermicro | X8sit-hf | - | All | All | All |
| Hardware | Supermicro | X8siu-f | - | All | All | All |
| Hardware | Supermicro | X9dax-7f | - | All | All | All |
| Hardware | Supermicro | X9dax-7f-hft | - | All | All | All |
| Hardware | Supermicro | X9dax-7tf | - | All | All | All |
| Hardware | Supermicro | X9dax-if | - | All | All | All |
| Hardware | Supermicro | X9dax-if-hft | - | All | All | All |
| Hardware | Supermicro | X9dax-itf | - | All | All | All |
| Hardware | Supermicro | X9db3-f | - | All | All | All |
| Hardware | Supermicro | X9db3-tpf | - | All | All | All |
| Hardware | Supermicro | X9dbi-f | - | All | All | All |
| Hardware | Supermicro | X9dbi-tpf | - | All | All | All |
| Hardware | Supermicro | X9dbl-3f | - | All | All | All |
| Hardware | Supermicro | X9dbl-if | - | All | All | All |
| Hardware | Supermicro | X9dbu-3f | - | All | All | All |
| Hardware | Supermicro | X9dbu-if | - | All | All | All |
| Hardware | Supermicro | X9dr3-f | - | All | All | All |
| Hardware | Supermicro | X9dr3-ln4f | - | All | All | All |
| Hardware | Supermicro | X9dr7-ln4f | - | All | All | All |
| Hardware | Supermicro | X9dr7-ln4f-jbod | - | All | All | All |
| Hardware | Supermicro | X9dr7-tf | - | All | All | All |
| Hardware | Supermicro | X9drd-7jln4f | - | All | All | All |
| Hardware | Supermicro | X9drd-7ln4f | - | All | All | All |
| Hardware | Supermicro | X9drd-7ln4f-jbod | - | All | All | All |
| Hardware | Supermicro | X9drd-ef | - | All | All | All |
| Hardware | Supermicro | X9drd-if | - | All | All | All |
| Hardware | Supermicro | X9dre-ln4f | - | All | All | All |
| Hardware | Supermicro | X9dre-tf | - | All | All | All |
| Hardware | Supermicro | X9drff | - | All | All | All |
| Hardware | Supermicro | X9drff-7 | - | All | All | All |
| Hardware | Supermicro | X9drff-7g | - | All | All | All |
| Hardware | Supermicro | X9drff-7tg | - | All | All | All |
| Hardware | Supermicro | X9drff-7t | - | All | All | All |
| Hardware | Supermicro | X9drff-7 | - | All | All | All |
| Hardware | Supermicro | X9drff-ig | - | All | All | All |
| Hardware | Supermicro | X9drff-itg | - | All | All | All |
| Hardware | Supermicro | X9drff-it | - | All | All | All |
| Hardware | Supermicro | X9drff-i | - | All | All | All |
| Hardware | Supermicro | X9drfr | - | All | All | All |
| Hardware | Supermicro | X9drg-hf | - | All | All | All |
| Hardware | Supermicro | X9drg-hf | - | All | All | All |
| Hardware | Supermicro | X9drg-htf | - | All | All | All |
| Hardware | Supermicro | X9drg-htf | - | All | All | All |
| Hardware | Supermicro | X9drh-7f | - | All | All | All |
| Hardware | Supermicro | X9drh-7tf | - | All | All | All |
| Hardware | Supermicro | X9drh-if | - | All | All | All |
| Hardware | Supermicro | X9drh-itf | - | All | All | All |
| Hardware | Supermicro | X9dri-f | - | All | All | All |
| Hardware | Supermicro | X9dri-ln4f | - | All | All | All |
| Hardware | Supermicro | X9drl-3f | - | All | All | All |
| Hardware | Supermicro | X9drl-ef | - | All | All | All |
| Hardware | Supermicro | X9drl-if | - | All | All | All |
| Hardware | Supermicro | X9drt-f | - | All | All | All |
| Hardware | Supermicro | X9drt-h6f | - | All | All | All |
| Hardware | Supermicro | X9drt-h6ibff | - | All | All | All |
| Hardware | Supermicro | X9drt-h6ibqf | - | All | All | All |
| Hardware | Supermicro | X9drt-hf | - | All | All | All |
| Hardware | Supermicro | X9drt-ibff | - | All | All | All |
| Hardware | Supermicro | X9drt-ibqf | - | All | All | All |
| Hardware | Supermicro | X9drw-3ln4f | - | All | All | All |
| Hardware | Supermicro | X9drw-3tf | - | All | All | All |
| Hardware | Supermicro | X9drw-7tpf | - | All | All | All |
| Hardware | Supermicro | X9drw-itpf | - | All | All | All |
| Hardware | Supermicro | X9drx -f | - | All | All | All |
| Hardware | Supermicro | X9qr7-tf | - | All | All | All |
| Hardware | Supermicro | X9qr7-tf-jbod | - | All | All | All |
| Hardware | Supermicro | X9qr7-tf | - | All | All | All |
| Hardware | Supermicro | X9qri-f | - | All | All | All |
| Hardware | Supermicro | X9qri-f | - | All | All | All |
| Hardware | Supermicro | X9sbaa-f | - | All | All | All |
| Hardware | Supermicro | X9sca-f | - | All | All | All |
| Hardware | Supermicro | X9scd-f | - | All | All | All |
| Hardware | Supermicro | X9sce-f | - | All | All | All |
| Hardware | Supermicro | X9scff-f | - | All | All | All |
| Hardware | Supermicro | X9sci-ln4f | - | All | All | All |
| Hardware | Supermicro | X9scl-f | - | All | All | All |
| Hardware | Supermicro | X9scl -f | - | All | All | All |
| Hardware | Supermicro | X9scm-f | - | All | All | All |
| Hardware | Supermicro | X9scm-iif | - | All | All | All |
| Hardware | Supermicro | X9spu-f | - | All | All | All |
| Hardware | Supermicro | X9srd-f | - | All | All | All |
| Hardware | Supermicro | X9sre-3f | - | All | All | All |
| Hardware | Supermicro | X9sre-f | - | All | All | All |
| Hardware | Supermicro | X9srg-f | - | All | All | All |
| Hardware | Supermicro | X9sri-3f | - | All | All | All |
| Hardware | Supermicro | X9sri-f | - | All | All | All |
| Hardware | Supermicro | X9srl-f | - | All | All | All |
| Hardware | Supermicro | X9srw-f | - | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Vulnerability Note VU#648646 - Supermicro IPMI based on ATEN firmware contain multiple vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | US Government Resource |
| www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf | af854a3a-2127-422b-91ae-364da2661108 | www.usenix.org | Exploit |
| Supermicro IPMI Web Interface Unspecified Remote Privilege Escalation Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware | af854a3a-2127-422b-91ae-364da2661108 | support.citrix.com | |
| Supermicro IPMI Security Updates November 2013 - Thomas Krenn Wiki | af854a3a-2127-422b-91ae-364da2661108 | www.thomas-krenn.com | |
| www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf | af854a3a-2127-422b-91ae-364da2661108 | www.supermicro.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.