CVE-2013-3609: Input Validation
First published: Sun Sep 08 2013(Updated: )
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Supermicro H8DCL-6F | ||
| Supermicro H8DCL-IF | ||
| Supermicro H8DCT-HIBQF | ||
| Supermicro H8DCT-HLN4F | ||
| Supermicro H8DCT-IBQF | ||
| Supermicro H8DG6-F | ||
| Supermicro H8DGG-QF | ||
| Supermicro H8DGI-F | ||
| Supermicro H8DGT-HF | ||
| Supermicro H8DGT-HIBQF | ||
| Supermicro H8DGT-HLF | ||
| Supermicro H8DGT-HLIBQF | ||
| Supermicro H8DGU-F | ||
| Supermicro H8DGU-LN4F+ | ||
| Supermicro H8SCM-F | ||
| Supermicro H8SGL-F | ||
| Supermicro H8SME-F | ||
| Supermicro H8SML-7 | ||
| Supermicro H8SML-7F | ||
| Supermicro H8SML-I | ||
| Supermicro H8DCL-IF | ||
| Supermicro X7SPA-HF-D525 | ||
| Supermicro X7SPA-HF-D525 | ||
| Supermicro X7SPE-H-D525 | ||
| Supermicro X7SPE-HF | ||
| Supermicro X7SPE-HF-D525 | ||
| Supermicro X7SPT-DF-D525 | ||
| Supermicro X7SPT-DF-D525+ | ||
| Supermicro X8DTL-3F | ||
| Supermicro X8DTL-6F | ||
| Supermicro X8DTL-IF | ||
| Supermicro x8dtn+-f | ||
| Supermicro X8DTN+ | ||
| Supermicro X8DTU-6F+ | ||
| Supermicro X8DTU-6F+-LR | ||
| Supermicro X8DTU-6TF+ | ||
| Supermicro x8dtu-6tf+-lr | ||
| Supermicro x8dtu-ln4f+ | ||
| Supermicro X8DTU-LN4F+-LR | ||
| Supermicro X8SI6-F | ||
| Supermicro X8SIA Firmware | ||
| Supermicro X8SIE Firmware | ||
| Supermicro X8SIEx LN4F | ||
| Supermicro X8SIL Firmware | ||
| Supermicro X8SIT-F | ||
| Supermicro X8SIT-HF | ||
| Supermicro X8SIU-F | ||
| Supermicro X9DAX-7F-HFT | ||
| Supermicro X9DAX-7F | ||
| Supermicro X9DAX-7F | ||
| Supermicro X9DAX-7F | ||
| Supermicro X9DAX-7/IF-HFT Firmware | ||
| Supermicro X9DAX-7F | ||
| Supermicro X9DB3-F | ||
| Supermicro X9DB3/i-(TP)F | ||
| Supermicro X9DBI-F | ||
| Supermicro X9DBI-TPF | ||
| Supermicro X9DBL-3F | ||
| Supermicro X9DBL-IF | ||
| Supermicro X9DBU-3F | ||
| Supermicro X9DBU-IF | ||
| Supermicro X9DR3-F | ||
| Supermicro X9DR3-LN4F+ | ||
| Supermicro X9DR7/E-LN4F Firmware | ||
| Supermicro X9QR7-TF JBOD | ||
| Supermicro X9DR7-TF+ | ||
| Supermicro X9DRD-7JLNF | ||
| Supermicro X9DRD-7LN4F Series Firmware | ||
| Supermicro x9drd-7jln4f | ||
| Supermicro X9DRD-EF Firmware | ||
| Supermicro X9DRD-L/IF Firmware | ||
| Supermicro X9DRE-LN4F | ||
| Supermicro x9dre-tf+ | ||
| Supermicro X9DRFF-7 | ||
| Supermicro X9DRFF-7 | ||
| Supermicro X9DRFF-7+ | ||
| Supermicro X9DRFF-7G+ | ||
| Supermicro X9DRFF-7T+ | ||
| Supermicro X9DRFF-7TG+ | ||
| Supermicro X9DRFF-I+ | ||
| Supermicro X9DRFF-IG+ | ||
| Supermicro X9DRFF-IT+ | ||
| Supermicro X9 DRFF-ITG+ | ||
| Supermicro X9DRFR | ||
| Supermicro X9DRG-HF | ||
| Supermicro X9DRG-HF+ | ||
| Supermicro x9drg-h(t)f | ||
| Supermicro x9drg-htf+ | ||
| Supermicro X9DRH-7TF | ||
| Supermicro X9DRH-7/i(T)F | ||
| Supermicro X9DRH-IF | ||
| Supermicro X9DRH-7/i(T)F | ||
| Supermicro X9DRi-F | ||
| Supermicro X9DRI-LN4F+ | ||
| Supermicro X9DRL-3F | ||
| Supermicro X9DRL-EF | ||
| Supermicro X9DRL-IF | ||
| Supermicro X9DRT-F | ||
| Supermicro X9DRT-H6F | ||
| Supermicro X9DRT-H6IBFF | ||
| Supermicro X9DRT-IBQF | ||
| Supermicro X9DRT-HF+ | ||
| Supermicro x9drt-h series | ||
| Supermicro X9DRT-IBQF | ||
| Supermicro X9DRW-3LN4F+ | ||
| Supermicro X9DRW-3TF+ | ||
| Supermicro X9DRW-7TPF+ | ||
| Supermicro X9DRW-ITPF+ | ||
| Supermicro X9DRX+-F | ||
| Supermicro X9QR7-TF JBOD | ||
| Supermicro X9QR7-TF+ | ||
| Supermicro X9QR7-TF JBOD | ||
| Supermicro X9QRI-F+ | ||
| Supermicro X9QRI-F+ | ||
| Supermicro X9SBAA-F | ||
| Supermicro X9SCA-F | ||
| Supermicro X9SCF-F | ||
| Supermicro X9SC Series | ||
| Supermicro X9SC Series | ||
| Supermicro X9SCI-LN4(F) Firmware | ||
| Supermicro X9SCL-F | ||
| Supermicro X9SC Series | ||
| Supermicro X9SC Series | ||
| Supermicro X9SCM-IIF | ||
| Supermicro X9SPU-F | ||
| Supermicro X9SRD-F Firmware | ||
| Supermicro X9SRE/i Series | ||
| Supermicro X9SRE/i Series | ||
| Supermicro X9SRG-F | ||
| Supermicro X9SRI-3F | ||
| Supermicro X9SRI-F | ||
| Supermicro X9SRL-F Firmware | ||
| Supermicro X9SRW-F Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kb.cert.org/vuls/id/648646
- http://www.securityfocus.com/bid/62098
- http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
- http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013
- https://support.citrix.com/article/CTX216642
- https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf
Frequently Asked Questions
What is the severity of CVE-2013-3609?
CVE-2013-3609 is classified as a high severity vulnerability due to its potential impact on system security.
How do I fix CVE-2013-3609?
To fix CVE-2013-3609, users should update to the latest firmware version provided by Supermicro that addresses this vulnerability.
What types of devices are affected by CVE-2013-3609?
CVE-2013-3609 affects various Supermicro devices including models from the H8, X7, X8, and X9 series.
What is the nature of CVE-2013-3609 vulnerability?
CVE-2013-3609 is a security flaw in the IPMI web interface that improperly handles authorization checks using client-side JavaScript.
Can CVE-2013-3609 be exploited remotely?
Yes, CVE-2013-3609 can be exploited remotely, allowing attackers to potentially gain unauthorized access to the affected devices.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/supermicro
- canonical/supermicro h8dcl-6f
- canonical/supermicro h8dcl-if
- canonical/supermicro h8dct-hibqf
- canonical/supermicro h8dct-hln4f
- canonical/supermicro h8dct-ibqf
- canonical/supermicro h8dg6-f
- canonical/supermicro h8dgg-qf
- canonical/supermicro h8dgi-f
- canonical/supermicro h8dgt-hf
- canonical/supermicro h8dgt-hibqf
- canonical/supermicro h8dgt-hlf
- canonical/supermicro h8dgt-hlibqf
- canonical/supermicro h8dgu-f
- canonical/supermicro h8dgu-ln4f+
- canonical/supermicro h8scm-f
- canonical/supermicro h8sgl-f
- canonical/supermicro h8sme-f
- canonical/supermicro h8sml-7
- canonical/supermicro h8sml-7f
- canonical/supermicro h8sml-i
- canonical/supermicro x7spa-hf-d525
- canonical/supermicro x7spe-h-d525
- canonical/supermicro x7spe-hf
- canonical/supermicro x7spe-hf-d525
- canonical/supermicro x7spt-df-d525
- canonical/supermicro x7spt-df-d525+
- canonical/supermicro x8dtl-3f
- canonical/supermicro x8dtl-6f
- canonical/supermicro x8dtl-if
- canonical/supermicro x8dtn+-f
- canonical/supermicro x8dtn+
- canonical/supermicro x8dtu-6f+
- canonical/supermicro x8dtu-6f+-lr
- canonical/supermicro x8dtu-6tf+
- canonical/supermicro x8dtu-6tf+-lr
- canonical/supermicro x8dtu-ln4f+
- canonical/supermicro x8dtu-ln4f+-lr
- canonical/supermicro x8si6-f
- canonical/supermicro x8sia firmware
- canonical/supermicro x8sie firmware
- canonical/supermicro x8siex ln4f
- canonical/supermicro x8sil firmware
- canonical/supermicro x8sit-f
- canonical/supermicro x8sit-hf
- canonical/supermicro x8siu-f
- canonical/supermicro x9dax-7f-hft
- canonical/supermicro x9dax-7f
- canonical/supermicro x9dax-7/if-hft firmware
- canonical/supermicro x9db3-f
- canonical/supermicro x9db3/i-(tp)f
- canonical/supermicro x9dbi-f
- canonical/supermicro x9dbi-tpf
- canonical/supermicro x9dbl-3f
- canonical/supermicro x9dbl-if
- canonical/supermicro x9dbu-3f
- canonical/supermicro x9dbu-if
- canonical/supermicro x9dr3-f
- canonical/supermicro x9dr3-ln4f+
- canonical/supermicro x9dr7/e-ln4f firmware
- canonical/supermicro x9qr7-tf jbod
- canonical/supermicro x9dr7-tf+
- canonical/supermicro x9drd-7jlnf
- canonical/supermicro x9drd-7ln4f series firmware
- canonical/supermicro x9drd-7jln4f
- canonical/supermicro x9drd-ef firmware
- canonical/supermicro x9drd-l/if firmware
- canonical/supermicro x9dre-ln4f
- canonical/supermicro x9dre-tf+
- canonical/supermicro x9drff-7
- canonical/supermicro x9drff-7+
- canonical/supermicro x9drff-7g+
- canonical/supermicro x9drff-7t+
- canonical/supermicro x9drff-7tg+
- canonical/supermicro x9drff-i+
- canonical/supermicro x9drff-ig+
- canonical/supermicro x9drff-it+
- canonical/supermicro x9 drff-itg+
- canonical/supermicro x9drfr
- canonical/supermicro x9drg-hf
- canonical/supermicro x9drg-hf+
- canonical/supermicro x9drg-h(t)f
- canonical/supermicro x9drg-htf+
- canonical/supermicro x9drh-7tf
- canonical/supermicro x9drh-7/i(t)f
- canonical/supermicro x9drh-if
- canonical/supermicro x9dri-f
- canonical/supermicro x9dri-ln4f+
- canonical/supermicro x9drl-3f
- canonical/supermicro x9drl-ef
- canonical/supermicro x9drl-if
- canonical/supermicro x9drt-f
- canonical/supermicro x9drt-h6f
- canonical/supermicro x9drt-h6ibff
- canonical/supermicro x9drt-ibqf
- canonical/supermicro x9drt-hf+
- canonical/supermicro x9drt-h series
- canonical/supermicro x9drw-3ln4f+
- canonical/supermicro x9drw-3tf+
- canonical/supermicro x9drw-7tpf+
- canonical/supermicro x9drw-itpf+
- canonical/supermicro x9drx+-f
- canonical/supermicro x9qr7-tf+
- canonical/supermicro x9qri-f+
- canonical/supermicro x9sbaa-f
- canonical/supermicro x9sca-f
- canonical/supermicro x9scf-f
- canonical/supermicro x9sc series
- canonical/supermicro x9sci-ln4(f) firmware
- canonical/supermicro x9scl-f
- canonical/supermicro x9scm-iif
- canonical/supermicro x9spu-f
- canonical/supermicro x9srd-f firmware
- canonical/supermicro x9sre/i series
- canonical/supermicro x9srg-f
- canonical/supermicro x9sri-3f
- canonical/supermicro x9sri-f
- canonical/supermicro x9srl-f firmware
- canonical/supermicro x9srw-f firmware