CVE-2013-3609: Input Validation
First published: Sun Sep 08 2013(Updated: )
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Supermicro H8dcl-6f | ||
| Supermicro H8dcl-if | ||
| Supermicro H8dct-hibqf | ||
| Supermicro H8dct-hln4f | ||
| Supermicro H8dct-ibqf | ||
| Supermicro H8dg6-f | ||
| Supermicro H8dgg-qf | ||
| Supermicro H8dgi-f | ||
| Supermicro H8dgt-hf | ||
| Supermicro H8dgt-hibqf | ||
| Supermicro H8dgt-hlf | ||
| Supermicro H8dgt-hlibqf | ||
| Supermicro H8dgu-f | ||
| Supermicro H8dgu-ln4f\+ | ||
| Supermicro H8scm-f | ||
| Supermicro H8sgl-f | ||
| Supermicro H8sme-f | ||
| Supermicro H8sml-7 | ||
| Supermicro H8sml-7f | ||
| Supermicro H8sml-i | ||
| Supermicro H8sml-if | ||
| Supermicro X7spa-hf | ||
| Supermicro X7spa-hf-d525 | ||
| Supermicro X7spe-h-d525 | ||
| Supermicro X7spe-hf | ||
| Supermicro X7spe-hf-d525 | ||
| Supermicro X7spt-df-d525 | ||
| Supermicro X7spt-df-d525\+ | ||
| Supermicro X8dtl-3f | ||
| Supermicro X8dtl-6f | ||
| Supermicro X8dtl-if | ||
| Supermicro X8dtn\+-f | ||
| Supermicro X8dtn\+-f-lr | ||
| Supermicro X8dtu-6f\+ | ||
| Supermicro X8dtu-6f\+-lr | ||
| Supermicro X8dtu-6tf\+ | ||
| Supermicro X8dtu-6tf\+-lr | ||
| Supermicro X8dtu-ln4f\+ | ||
| Supermicro X8dtu-ln4f\+-lr | ||
| Supermicro X8si6-f | ||
| Supermicro X8sia-f | ||
| Supermicro X8sie-f | ||
| Supermicro X8sie-ln4f | ||
| Supermicro X8sil-f | ||
| Supermicro X8sit-f | ||
| Supermicro X8sit-hf | ||
| Supermicro X8siu-f | ||
| Supermicro X9dax-7f | ||
| Supermicro X9dax-7f-hft | ||
| Supermicro X9dax-7tf | ||
| Supermicro X9dax-if | ||
| Supermicro X9dax-if-hft | ||
| Supermicro X9dax-itf | ||
| Supermicro X9db3-f | ||
| Supermicro X9db3-tpf | ||
| Supermicro X9dbi-f | ||
| Supermicro X9dbi-tpf | ||
| Supermicro X9dbl-3f | ||
| Supermicro X9dbl-if | ||
| Supermicro X9dbu-3f | ||
| Supermicro X9dbu-if | ||
| Supermicro X9dr3-f | ||
| Supermicro X9dr3-ln4f\+ | ||
| Supermicro X9dr7-ln4f | ||
| Supermicro X9dr7-ln4f-jbod | ||
| Supermicro X9dr7-tf\+ | ||
| Supermicro X9drd-7jln4f | ||
| Supermicro X9drd-7ln4f | ||
| Supermicro X9drd-7ln4f-jbod | ||
| Supermicro X9drd-ef | ||
| Supermicro X9drd-if | ||
| Supermicro X9dre-ln4f | ||
| Supermicro X9dre-tf\+ | ||
| Supermicro X9drff | ||
| Supermicro X9drff-7 | ||
| Supermicro X9drff-7\+ | ||
| Supermicro X9drff-7g\+ | ||
| Supermicro X9drff-7t\+ | ||
| Supermicro X9drff-7tg\+ | ||
| Supermicro X9drff-i\+ | ||
| Supermicro X9drff-ig\+ | ||
| Supermicro X9drff-it\+ | ||
| Supermicro X9drff-itg\+ | ||
| Supermicro X9drfr | ||
| Supermicro X9drg-hf | ||
| Supermicro X9drg-hf\+ | ||
| Supermicro X9drg-htf | ||
| Supermicro X9drg-htf\+ | ||
| Supermicro X9drh-7f | ||
| Supermicro X9drh-7tf | ||
| Supermicro X9drh-if | ||
| Supermicro X9drh-itf | ||
| Supermicro X9dri-f | ||
| Supermicro X9dri-ln4f\+ | ||
| Supermicro X9drl-3f | ||
| Supermicro X9drl-ef | ||
| Supermicro X9drl-if | ||
| Supermicro X9drt-f | ||
| Supermicro X9drt-h6f | ||
| Supermicro X9drt-h6ibff | ||
| Supermicro X9drt-h6ibqf | ||
| Supermicro X9drt-hf\+ | ||
| Supermicro X9drt-ibff | ||
| Supermicro X9drt-ibqf | ||
| Supermicro X9drw-3ln4f\+ | ||
| Supermicro X9drw-3tf\+ | ||
| Supermicro X9drw-7tpf\+ | ||
| Supermicro X9drw-itpf\+ | ||
| Supermicro X9drx\+-f | ||
| Supermicro X9qr7-tf | ||
| Supermicro X9qr7-tf\+ | ||
| Supermicro X9qr7-tf-jbod | ||
| Supermicro X9qri-f | ||
| Supermicro X9qri-f\+ | ||
| Supermicro X9sbaa-f | ||
| Supermicro X9sca-f | ||
| Supermicro X9scd-f | ||
| Supermicro X9sce-f | ||
| Supermicro X9scff-f | ||
| Supermicro X9sci-ln4f | ||
| Supermicro X9scl\+-f | ||
| Supermicro X9scl-f | ||
| Supermicro X9scm-f | ||
| Supermicro X9scm-iif | ||
| Supermicro X9spu-f | ||
| Supermicro X9srd-f | ||
| Supermicro X9sre-3f | ||
| Supermicro X9sre-f | ||
| Supermicro X9srg-f | ||
| Supermicro X9sri-3f | ||
| Supermicro X9sri-f | ||
| Supermicro X9srl-f | ||
| Supermicro X9srw-f |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kb.cert.org/vuls/id/648646
- http://www.securityfocus.com/bid/62098
- http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
- http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013
- https://support.citrix.com/article/CTX216642
- https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/severity
- agent/author
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/supermicro
- canonical/supermicro h8dcl-6f
- canonical/supermicro h8dcl-if
- canonical/supermicro h8dct-hibqf
- canonical/supermicro h8dct-hln4f
- canonical/supermicro h8dct-ibqf
- canonical/supermicro h8dg6-f
- canonical/supermicro h8dgg-qf
- canonical/supermicro h8dgi-f
- canonical/supermicro h8dgt-hf
- canonical/supermicro h8dgt-hibqf
- canonical/supermicro h8dgt-hlf
- canonical/supermicro h8dgt-hlibqf
- canonical/supermicro h8dgu-f
- canonical/supermicro h8dgu-ln4f\+
- canonical/supermicro h8scm-f
- canonical/supermicro h8sgl-f
- canonical/supermicro h8sme-f
- canonical/supermicro h8sml-7
- canonical/supermicro h8sml-7f
- canonical/supermicro h8sml-i
- canonical/supermicro h8sml-if
- canonical/supermicro x7spa-hf
- canonical/supermicro x7spa-hf-d525
- canonical/supermicro x7spe-h-d525
- canonical/supermicro x7spe-hf
- canonical/supermicro x7spe-hf-d525
- canonical/supermicro x7spt-df-d525
- canonical/supermicro x7spt-df-d525\+
- canonical/supermicro x8dtl-3f
- canonical/supermicro x8dtl-6f
- canonical/supermicro x8dtl-if
- canonical/supermicro x8dtn\+-f
- canonical/supermicro x8dtn\+-f-lr
- canonical/supermicro x8dtu-6f\+
- canonical/supermicro x8dtu-6f\+-lr
- canonical/supermicro x8dtu-6tf\+
- canonical/supermicro x8dtu-6tf\+-lr
- canonical/supermicro x8dtu-ln4f\+
- canonical/supermicro x8dtu-ln4f\+-lr
- canonical/supermicro x8si6-f
- canonical/supermicro x8sia-f
- canonical/supermicro x8sie-f
- canonical/supermicro x8sie-ln4f
- canonical/supermicro x8sil-f
- canonical/supermicro x8sit-f
- canonical/supermicro x8sit-hf
- canonical/supermicro x8siu-f
- canonical/supermicro x9dax-7f
- canonical/supermicro x9dax-7f-hft
- canonical/supermicro x9dax-7tf
- canonical/supermicro x9dax-if
- canonical/supermicro x9dax-if-hft
- canonical/supermicro x9dax-itf
- canonical/supermicro x9db3-f
- canonical/supermicro x9db3-tpf
- canonical/supermicro x9dbi-f
- canonical/supermicro x9dbi-tpf
- canonical/supermicro x9dbl-3f
- canonical/supermicro x9dbl-if
- canonical/supermicro x9dbu-3f
- canonical/supermicro x9dbu-if
- canonical/supermicro x9dr3-f
- canonical/supermicro x9dr3-ln4f\+
- canonical/supermicro x9dr7-ln4f
- canonical/supermicro x9dr7-ln4f-jbod
- canonical/supermicro x9dr7-tf\+
- canonical/supermicro x9drd-7jln4f
- canonical/supermicro x9drd-7ln4f
- canonical/supermicro x9drd-7ln4f-jbod
- canonical/supermicro x9drd-ef
- canonical/supermicro x9drd-if
- canonical/supermicro x9dre-ln4f
- canonical/supermicro x9dre-tf\+
- canonical/supermicro x9drff
- canonical/supermicro x9drff-7
- canonical/supermicro x9drff-7\+
- canonical/supermicro x9drff-7g\+
- canonical/supermicro x9drff-7t\+
- canonical/supermicro x9drff-7tg\+
- canonical/supermicro x9drff-i\+
- canonical/supermicro x9drff-ig\+
- canonical/supermicro x9drff-it\+
- canonical/supermicro x9drff-itg\+
- canonical/supermicro x9drfr
- canonical/supermicro x9drg-hf
- canonical/supermicro x9drg-hf\+
- canonical/supermicro x9drg-htf
- canonical/supermicro x9drg-htf\+
- canonical/supermicro x9drh-7f
- canonical/supermicro x9drh-7tf
- canonical/supermicro x9drh-if
- canonical/supermicro x9drh-itf
- canonical/supermicro x9dri-f
- canonical/supermicro x9dri-ln4f\+
- canonical/supermicro x9drl-3f
- canonical/supermicro x9drl-ef
- canonical/supermicro x9drl-if
- canonical/supermicro x9drt-f
- canonical/supermicro x9drt-h6f
- canonical/supermicro x9drt-h6ibff
- canonical/supermicro x9drt-h6ibqf
- canonical/supermicro x9drt-hf\+
- canonical/supermicro x9drt-ibff
- canonical/supermicro x9drt-ibqf
- canonical/supermicro x9drw-3ln4f\+
- canonical/supermicro x9drw-3tf\+
- canonical/supermicro x9drw-7tpf\+
- canonical/supermicro x9drw-itpf\+
- canonical/supermicro x9drx\+-f
- canonical/supermicro x9qr7-tf
- canonical/supermicro x9qr7-tf\+
- canonical/supermicro x9qr7-tf-jbod
- canonical/supermicro x9qri-f
- canonical/supermicro x9qri-f\+
- canonical/supermicro x9sbaa-f
- canonical/supermicro x9sca-f
- canonical/supermicro x9scd-f
- canonical/supermicro x9sce-f
- canonical/supermicro x9scff-f
- canonical/supermicro x9sci-ln4f
- canonical/supermicro x9scl\+-f
- canonical/supermicro x9scl-f
- canonical/supermicro x9scm-f
- canonical/supermicro x9scm-iif
- canonical/supermicro x9spu-f
- canonical/supermicro x9srd-f
- canonical/supermicro x9sre-3f
- canonical/supermicro x9sre-f
- canonical/supermicro x9srg-f
- canonical/supermicro x9sri-3f
- canonical/supermicro x9sri-f
- canonical/supermicro x9srl-f
- canonical/supermicro x9srw-f