CVE-2018-13787


Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware.


Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.7. Exploitation requires local system access, has relatively low complexity, and needs no user interaction. The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. It affects 220 Supermicro products; organizations running them should prioritize assessment and patching.

Historical Context

First disclosed in 2018, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.


Published

2018-07-09T18:29:00.560

Last Modified

2024-11-21T03:47:59.033

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    NVD-CWE-noinfo

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System supermicro x11ssz_firmware - Yes
Hardware supermicro x11ssz - No
Operating System supermicro x11ssv_firmware - Yes
Hardware supermicro x11ssv - No
Operating System supermicro x11ssql_firmware - Yes
Hardware supermicro x11ssql - No
Operating System supermicro x11ssq_firmware - Yes
Hardware supermicro x11ssq - No
Operating System supermicro x11ssn_firmware - Yes
Hardware supermicro x11ssn - No
Operating System supermicro x11srm_firmware - Yes
Hardware supermicro x11srm - No
Operating System supermicro x11sra_firmware - Yes
Hardware supermicro x11sra - No
Operating System supermicro x11sba_firmware - Yes
Hardware supermicro x11sba - No
Operating System supermicro x11sat_firmware - Yes
Hardware supermicro x11sat - No
Operating System supermicro x11sae_m_firmware - Yes
Hardware supermicro x11sae_m - No
Operating System supermicro x11sae_firmware - Yes
Hardware supermicro x11sae - No
Operating System supermicro x10srw_firmware - Yes
Hardware supermicro x10srw - No
Operating System supermicro x10srm_firmware - Yes
Hardware supermicro x10srm - No
Operating System supermicro x10srl_firmware - Yes
Hardware supermicro x10srl - No
Operating System supermicro x10sri_firmware - Yes
Hardware supermicro x10sri - No
Operating System supermicro x10srh_firmware - Yes
Hardware supermicro x10srh - No
Operating System supermicro x10srg_firmware - Yes
Hardware supermicro x10srg - No
Operating System supermicro x10srd_firmware - Yes
Hardware supermicro x10srd - No
Operating System supermicro x10sra_firmware - Yes
Hardware supermicro x10sra - No
Operating System supermicro x10sdvt_firmware - Yes
Hardware supermicro x10sdvt - No
Operating System supermicro x10sdvf_firmware - Yes
Hardware supermicro x10sdvf - No
Operating System supermicro x10sde_firmware - Yes
Hardware supermicro x10sde - No
Operating System supermicro x10sddf_firmware - Yes
Hardware supermicro x10sddf - No
Operating System supermicro x10sba_firmware - Yes
Hardware supermicro x10sba - No
Operating System supermicro x10qrh_firmware - Yes
Hardware supermicro x10qrh - No
Operating System supermicro x10dsn_firmware - Yes
Hardware supermicro x10dsn - No
Operating System supermicro x10dscp_firmware - Yes
Hardware supermicro x10dscp - No
Operating System supermicro x10dsc_firmware - Yes
Hardware supermicro x10dsc - No
Operating System supermicro x10drx_firmware - Yes
Hardware supermicro x10drx - No
Operating System supermicro x10drwn_firmware - Yes
Hardware supermicro x10drwn - No
Operating System supermicro x10drw_firmware - Yes
Hardware supermicro x10drw - No
Operating System supermicro x10drux_firmware - Yes
Hardware supermicro x10drux - No
Operating System supermicro x10drul_firmware - Yes
Hardware supermicro x10drul - No
Operating System supermicro x10dru_firmware - Yes
Hardware supermicro x10dru - No
Operating System supermicro x10drts_firmware - Yes
Hardware supermicro x10drts - No
Operating System supermicro x10drtps_firmware - Yes
Hardware supermicro x10drtps - No
Operating System supermicro x10drtl_firmware - Yes
Hardware supermicro x10drtl - No
Operating System supermicro x10drth_firmware - Yes
Hardware supermicro x10drth - No
Operating System supermicro x10drtb_firmware - Yes
Hardware supermicro x10drtb - No
Operating System supermicro x10drt_firmware - Yes
Hardware supermicro x10drt - No
Operating System supermicro x10drs_firmware - Yes
Hardware supermicro x10drs - No
Operating System supermicro x10drln_firmware - Yes
Hardware supermicro x10drln - No
Operating System supermicro x10drlc_firmware - Yes
Hardware supermicro x10drlc - No
Operating System supermicro x10drl_firmware - Yes
Hardware supermicro x10drl - No
Operating System supermicro x10dri1_firmware - Yes
Hardware supermicro x10dri1 - No
Operating System supermicro x10drh4_firmware - Yes
Hardware supermicro x10drh4 - No
Operating System supermicro x10drh_firmware - Yes
Hardware supermicro x10drh - No
Operating System supermicro x10drgo_firmware - Yes
Hardware supermicro x10drgo - No
Operating System supermicro x10drgh_firmware - Yes
Hardware supermicro x10drgh - No
Operating System supermicro x10drg_firmware - Yes
Hardware supermicro x10drg - No
Operating System supermicro x10drfr_firmware - Yes
Hardware supermicro x10drfr - No
Operating System supermicro x10drfg_firmware - Yes
Hardware supermicro x10drfg - No
Operating System supermicro x10drff_firmware - Yes
Hardware supermicro x10drff - No
Operating System supermicro x10drdl_firmware - Yes
Hardware supermicro x10drdl - No
Operating System supermicro x10drd_firmware - Yes
Hardware supermicro x10drd - No
Operating System supermicro x10drc_firmware - Yes
Hardware supermicro x10drc - No
Operating System supermicro x10dgo_firmware - Yes
Hardware supermicro x10dgo - No
Operating System supermicro x10ddwn_firmware - Yes
Hardware supermicro x10ddwn - No
Operating System supermicro x10ddwi_firmware - Yes
Hardware supermicro x10ddwi - No
Operating System supermicro x10ddw4_firmware - Yes
Hardware supermicro x10ddw4 - No
Operating System supermicro x10ddw3_firmware - Yes
Hardware supermicro x10ddw3 - No
Operating System supermicro x10dax_firmware - Yes
Hardware supermicro x10dax - No
Operating System supermicro x10dali_firmware - Yes
Hardware supermicro x10dali - No
Operating System supermicro x10dal_firmware - Yes
Hardware supermicro x10dal - No
Operating System supermicro x10dai_firmware - Yes
Hardware supermicro x10dai - No
Operating System supermicro b10drt_firmware - Yes
Hardware supermicro b10drt - No
Operating System supermicro b10dri_firmware - Yes
Hardware supermicro b10dri - No
Operating System supermicro b10drg_firmware - Yes
Hardware supermicro b10drg - No
Operating System supermicro x9sae_firmware - Yes
Hardware supermicro x9sae - No
Operating System supermicro x9drth_firmware - Yes
Hardware supermicro x9drth - No
Operating System supermicro x9drgqf_firmware - Yes
Hardware supermicro x9drgqf - No
Operating System supermicro x9drffp_firmware - Yes
Hardware supermicro x9drffp - No
Operating System supermicro x9drf_firmware - Yes
Hardware supermicro x9drf - No
Operating System supermicro x9dbl_firmware - Yes
Hardware supermicro x9dbl - No
Operating System supermicro x8siu_firmware - Yes
Hardware supermicro x8siu - No
Operating System supermicro x8sit_firmware - Yes
Hardware supermicro x8sit - No
Operating System supermicro x8sil_firmware - Yes
Hardware supermicro x8sil - No
Operating System supermicro x8sie_firmware - Yes
Hardware supermicro x8sie - No
Operating System supermicro x8sia_firmware - Yes
Hardware supermicro x8sia - No
Operating System supermicro k1spi_firmware - Yes
Hardware supermicro k1spi - No
Operating System supermicro k1spes_firmware - Yes
Hardware supermicro k1spes - No
Operating System supermicro c9x299_firmware - Yes
Hardware supermicro c9x299 - No
Operating System supermicro c7z97oc_firmware - Yes
Hardware supermicro c7z97oc - No
Operating System supermicro c7z97mf_firmware - Yes
Hardware supermicro c7z97mf - No
Operating System supermicro c7z87oc_firmware - Yes
Hardware supermicro c7z87oc - No
Operating System supermicro c7z370l_firmware - Yes
Hardware supermicro c7z370l - No
Operating System supermicro c7z370i_firmware - Yes
Hardware supermicro c7z370i - No
Operating System supermicro c7z270p_firmware - Yes
Hardware supermicro c7z270p - No
Operating System supermicro c7z270m_firmware - Yes
Hardware supermicro c7z270m - No
Operating System supermicro c7z270l_firmware - Yes
Hardware supermicro c7z270l - No
Operating System supermicro c7z270cg_firmware - Yes
Hardware supermicro c7z270cg - No
Operating System supermicro c7z270c_firmware - Yes
Hardware supermicro c7z270c - No
Operating System supermicro c7z170oce_firmware - Yes
Hardware supermicro c7z170oce - No
Operating System supermicro c7z170o_firmware - Yes
Hardware supermicro c7z170o - No
Operating System supermicro c7z170_firmware - Yes
Hardware supermicro c7z170 - No
Operating System supermicro c7x99oc_firmware - Yes
Hardware supermicro c7x99oc - No
Operating System supermicro c7q270_firmware - Yes
Hardware supermicro c7q270 - No
Operating System supermicro c7h270_firmware - Yes
Hardware supermicro c7h270 - No
Operating System supermicro c7b250_firmware - Yes
Hardware supermicro c7b250 - No
Operating System supermicro b1sd2tf_firmware - Yes
Hardware supermicro b1sd2tf - No
Operating System supermicro b1sa4_firmware - Yes
Hardware supermicro b1sa4 - No
Operating System supermicro b1dri_firmware - Yes
Hardware supermicro b1dri - No
Operating System supermicro a2sav_firmware - Yes
Hardware supermicro a2sav - No
Operating System supermicro a2sap_firmware - Yes
Hardware supermicro a2sap - No
Operating System supermicro a2san_firmware - Yes
Hardware supermicro a2san - No
Operating System supermicro a1srm_firmware - Yes
Hardware supermicro a1srm - No
Operating System supermicro a1sam_firmware - Yes
Hardware supermicro a1sam - No
Operating System supermicro a1sai1_firmware - Yes
Hardware supermicro a1sai1 - No
Operating System supermicro a1sai_firmware - Yes
Hardware supermicro a1sai - No
Operating System supermicro a1sa_firmware - Yes
Hardware supermicro a1sa - No
