CVE-2013-3619
First published: Thu Jan 02 2020(Updated: )
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Supermicro Smt X9 Firmware | <3.15 | |
| Supermicro Sh7758 | ||
| Supermicro Smt X8 Firmware | <3.12 | |
| Supermicro Sh7757 | ||
| Citrix Netscaler Sdx Firmware | =10 | |
| Citrix Netscaler Sdx | ||
| Citrix Netscaler Firmware | ||
| Citrix NetScaler | ||
| Citrix Netscaler Sd-wan Firmware | ||
| Citrix NetScaler SD-WAN |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://support.citrix.com/article/CTX216642
- https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89044
- https://support.citrix.com/article/CTX216642
- https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
Frequently Asked Questions
What is CVE-2013-3619?
CVE-2013-3619 is a vulnerability in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312.
What is the severity of CVE-2013-3619?
CVE-2013-3619 has a severity rating of 8.1 (high).
What software versions are affected by CVE-2013-3619?
CVE-2013-3619 affects Supermicro X9 generation motherboards with firmware before SMT_X9_317 and Supermicro X8 generation motherboards with firmware before SMT X8 312.
How can I fix CVE-2013-3619?
To fix CVE-2013-3619, upgrade the firmware of the affected Supermicro X9 and X8 generation motherboards to versions SMT_X9_317 and SMT X8 312 respectively.
Where can I find more information about CVE-2013-3619?
You can find more information about CVE-2013-3619 at the following references: [1] http://support.citrix.com/article/CTX216642, [2] https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities, [3] https://exchange.xforce.ibmcloud.com/vulnerabilities/89044.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/references
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/supermicro
- canonical/supermicro smt x9 firmware
- canonical/supermicro sh7758
- canonical/supermicro smt x8 firmware
- canonical/supermicro sh7757
- vendor/citrix
- canonical/citrix netscaler sdx firmware
- version/citrix netscaler sdx firmware/10
- canonical/citrix netscaler sdx
- canonical/citrix netscaler firmware
- canonical/citrix netscaler
- canonical/citrix netscaler sd-wan firmware
- canonical/citrix netscaler sd-wan