CVE-2013-3619


Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contains hardcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.


Published

2020-01-02T18:15:11.323

Last Modified

2024-11-21T01:53:59.960

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-798

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | supermicro | smt_x9_firmware | < 3.15 | Yes |
| Hardware | supermicro | sh7758 | - | No |
| Operating System | supermicro | smt_x8_firmware | < 3.12 | Yes |
| Hardware | supermicro | sh7757 | - | No |
| Operating System | citrix | netscaler_sdx_firmware | 10 | Yes |
| Hardware | citrix | netscaler_sdx | - | No |
| Operating System | citrix | netscaler_firmware | - | Yes |
| Hardware | citrix | netscaler | - | No |
| Operating System | citrix | netscaler_sd-wan_firmware | - | Yes |
| Hardware | citrix | netscaler_sd-wan | - | No |