First published: Sun Sep 08 2013
Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
Supermicro H8DCL-6F | ||
Supermicro H8DCL-IF | ||
Supermicro H8DCT-HIBQF | ||
Supermicro H8DCT-HLN4F | ||
Supermicro H8DCT-IBQF | ||
Supermicro H8DG6-F | ||
Supermicro H8DGG-QF | ||
Supermicro H8DGI-F | ||
Supermicro H8DGT-HF | ||
Supermicro H8DGT-HIBQF | ||
Supermicro H8DGT-HLF | ||
Supermicro H8DGT-HLIBQF | ||
Supermicro H8DGU-F | ||
Supermicro H8DGU-LN4F+ | ||
Supermicro H8SCM-F | ||
Supermicro H8SGL-F | ||
Supermicro H8SME-F | ||
Supermicro H8SML-7 | ||
Supermicro H8SML-7F | ||
Supermicro H8SML-I | ||
Supermicro X7SPA-HF-D525 | ||
Supermicro X7SPE-H-D525 | ||
Supermicro X7SPE-HF | ||
Supermicro X7SPE-HF-D525 | ||
Supermicro X7SPT-DF-D525 | ||
Supermicro X7SPT-DF-D525+ | ||
Supermicro X8DTL-3F | ||
Supermicro X8DTL-6F | ||
Supermicro X8DTL-IF | ||
Supermicro x8dtn+-f | ||
Supermicro X8DTN+ | ||
Supermicro X8DTU-6F+ | ||
Supermicro X8DTU-6F+-LR | ||
Supermicro X8DTU-6TF+ | ||
Supermicro x8dtu-6tf+-lr | ||
Supermicro x8dtu-ln4f+ | ||
Supermicro X8DTU-LN4F+-LR | ||
Supermicro X8SI6-F | ||
Supermicro X8SIA Firmware | ||
Supermicro X8SIE Firmware | ||
Supermicro X8SIEx LN4F | ||
Supermicro X8SIL Firmware | ||
Supermicro X8SIT-F | ||
Supermicro X8SIT-HF | ||
Supermicro X8SIU-F | ||
Supermicro X9DAX-7F-HFT | ||
Supermicro X9DAX-7F | ||
Supermicro X9DAX-7/IF-HFT Firmware | ||
Supermicro X9DB3-F | ||
Supermicro X9DB3/i-(TP)F | ||
Supermicro X9DBI-F | ||
Supermicro X9DBI-TPF | ||
Supermicro X9DBL-3/I(F) Firmware | ||
Supermicro X9DBL-IF | ||
Supermicro X9DBU-3F | ||
Supermicro X9DBU-IF | ||
Supermicro X9DR3-F | ||
Supermicro X9DR3-LN4F+ | ||
Supermicro X9DR7/E-LN4F Firmware | ||
Supermicro X9QR7-TF JBOD | ||
Supermicro X9DR7-TF+ | ||
Supermicro X9DRD-7JLNF | ||
Supermicro X9DRD-7LN4F Series Firmware | ||
Supermicro x9drd-7jln4f | ||
Supermicro X9DRD-EF Firmware | ||
Supermicro X9DRD-L/IF Firmware | ||
Supermicro X9DRE-LN4F | ||
Supermicro x9dre-tf+ | ||
Supermicro X9DRFF-7 | ||
Supermicro X9DRFF-7 Firmware | ||
Supermicro X9DRFF-7+ | ||
Supermicro X9DRFF-7G+ | ||
Supermicro X9DRFF-7T+ | ||
Supermicro X9DRFF-7TG+ | ||
Supermicro X9DRFF-I+ | ||
Supermicro X9DRFF-IG+ | ||
Supermicro X9DRFF-IT+ | ||
Supermicro X9 DRFF-ITG+ | ||
Supermicro X9DRFR | ||
Supermicro X9DRG-HF | ||
Supermicro X9DRG-HF+ | ||
Supermicro x9drg-h(t)f | ||
Supermicro x9drg-htf+ | ||
Supermicro X9DRH-7TF | ||
Supermicro X9DRH-7/i(T)F Firmware | ||
Supermicro X9DRH-IF | ||
Supermicro X9DRi-F | ||
Supermicro X9DRI-LN4F+ | ||
Supermicro X9DRL-3F | ||
Supermicro X9DRL-EF | ||
Supermicro X9DRL-IF | ||
Supermicro X9DRT-F | ||
Supermicro X9DRT-H Series Firmware | ||
Supermicro X9DRT-H6IBFF | ||
Supermicro X9DRT-IBQF | ||
Supermicro X9DRT-HF+ | ||
Supermicro x9drt-h series | ||
Supermicro X9DRW-3LN4F+ | ||
Supermicro X9DRW-3TF+ | ||
Supermicro X9DRW-7TPF+ | ||
Supermicro X9DRW-ITPF+ | ||
Supermicro X9DRX+-F | ||
Supermicro X9QR7-TF+ | ||
Supermicro X9QRI-F+ | ||
Supermicro X9SBAA-F | ||
Supermicro X9SCA-F | ||
Supermicro X9SCF-F | ||
Supermicro X9SC Series | ||
Supermicro X9SCI-LN4(F) Firmware | ||
Supermicro X9SCL-F | ||
Supermicro X9SCM(-F) Firmware | ||
Supermicro X9SCM-IIF | ||
Supermicro X9SPU-F | ||
Supermicro X9 Series | ||
Supermicro X9SRE/i Series | ||
Supermicro X9SRG-F | ||
Supermicro X9SRI-3F | ||
Supermicro X9SRI-F | ||
Supermicro X9SRL-F Firmware | ||
Supermicro X9SRW-F Firmware | ||
CVE-2013-3607 is classified as a critical vulnerability due to multiple stack-based buffer overflows that allow remote attackers to execute arbitrary code.
To fix CVE-2013-3607, update to the latest firmware released by Supermicro for the affected hardware models.
CVE-2013-3607 affects multiple Supermicro devices including H8DC*, H8DG*, and X9DAX* among others.
CVE-2013-3607 is a stack-based buffer overflow vulnerability impacting the web interface of the IPMI implementation.
CVE-2013-3607 can be exploited remotely by attackers to gain unauthorized access to the device.