Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-13787

Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware.

Published

2018-07-09T18:29:00.560

Last Modified

2024-11-21T03:47:59.033

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	supermicro	x11ssz_firmware	-	Yes
Hardware	supermicro	x11ssz	-	No
Operating System	supermicro	x11ssv_firmware	-	Yes
Hardware	supermicro	x11ssv	-	No
Operating System	supermicro	x11ssql_firmware	-	Yes
Hardware	supermicro	x11ssql	-	No
Operating System	supermicro	x11ssq_firmware	-	Yes
Hardware	supermicro	x11ssq	-	No
Operating System	supermicro	x11ssn_firmware	-	Yes
Hardware	supermicro	x11ssn	-	No
Operating System	supermicro	x11srm_firmware	-	Yes
Hardware	supermicro	x11srm	-	No
Operating System	supermicro	x11sra_firmware	-	Yes
Hardware	supermicro	x11sra	-	No
Operating System	supermicro	x11sba_firmware	-	Yes
Hardware	supermicro	x11sba	-	No
Operating System	supermicro	x11sat_firmware	-	Yes
Hardware	supermicro	x11sat	-	No
Operating System	supermicro	x11sae_m_firmware	-	Yes
Hardware	supermicro	x11sae_m	-	No
Operating System	supermicro	x11sae_firmware	-	Yes
Hardware	supermicro	x11sae	-	No
Operating System	supermicro	x10srw_firmware	-	Yes
Hardware	supermicro	x10srw	-	No
Operating System	supermicro	x10srm_firmware	-	Yes
Hardware	supermicro	x10srm	-	No
Operating System	supermicro	x10srl_firmware	-	Yes
Hardware	supermicro	x10srl	-	No
Operating System	supermicro	x10sri_firmware	-	Yes
Hardware	supermicro	x10sri	-	No
Operating System	supermicro	x10srh_firmware	-	Yes
Hardware	supermicro	x10srh	-	No
Operating System	supermicro	x10srg_firmware	-	Yes
Hardware	supermicro	x10srg	-	No
Operating System	supermicro	x10srd_firmware	-	Yes
Hardware	supermicro	x10srd	-	No
Operating System	supermicro	x10sra_firmware	-	Yes
Hardware	supermicro	x10sra	-	No
Operating System	supermicro	x10sdvt_firmware	-	Yes
Hardware	supermicro	x10sdvt	-	No
Operating System	supermicro	x10sdvf_firmware	-	Yes
Hardware	supermicro	x10sdvf	-	No
Operating System	supermicro	x10sde_firmware	-	Yes
Hardware	supermicro	x10sde	-	No
Operating System	supermicro	x10sddf_firmware	-	Yes
Hardware	supermicro	x10sddf	-	No
Operating System	supermicro	x10sba_firmware	-	Yes
Hardware	supermicro	x10sba	-	No
Operating System	supermicro	x10qrh_firmware	-	Yes
Hardware	supermicro	x10qrh	-	No
Operating System	supermicro	x10dsn_firmware	-	Yes
Hardware	supermicro	x10dsn	-	No
Operating System	supermicro	x10dscp_firmware	-	Yes
Hardware	supermicro	x10dscp	-	No
Operating System	supermicro	x10dsc_firmware	-	Yes
Hardware	supermicro	x10dsc	-	No
Operating System	supermicro	x10drx_firmware	-	Yes
Hardware	supermicro	x10drx	-	No
Operating System	supermicro	x10drwn_firmware	-	Yes
Hardware	supermicro	x10drwn	-	No
Operating System	supermicro	x10drw_firmware	-	Yes
Hardware	supermicro	x10drw	-	No
Operating System	supermicro	x10drux_firmware	-	Yes
Hardware	supermicro	x10drux	-	No
Operating System	supermicro	x10drul_firmware	-	Yes
Hardware	supermicro	x10drul	-	No
Operating System	supermicro	x10dru_firmware	-	Yes
Hardware	supermicro	x10dru	-	No
Operating System	supermicro	x10drts_firmware	-	Yes
Hardware	supermicro	x10drts	-	No
Operating System	supermicro	x10drtps_firmware	-	Yes
Hardware	supermicro	x10drtps	-	No
Operating System	supermicro	x10drtl_firmware	-	Yes
Hardware	supermicro	x10drtl	-	No
Operating System	supermicro	x10drth_firmware	-	Yes
Hardware	supermicro	x10drth	-	No
Operating System	supermicro	x10drtb_firmware	-	Yes
Hardware	supermicro	x10drtb	-	No
Operating System	supermicro	x10drt_firmware	-	Yes
Hardware	supermicro	x10drt	-	No
Operating System	supermicro	x10drs_firmware	-	Yes
Hardware	supermicro	x10drs	-	No
Operating System	supermicro	x10drln_firmware	-	Yes
Hardware	supermicro	x10drln	-	No
Operating System	supermicro	x10drlc_firmware	-	Yes
Hardware	supermicro	x10drlc	-	No
Operating System	supermicro	x10drl_firmware	-	Yes
Hardware	supermicro	x10drl	-	No
Operating System	supermicro	x10dri1_firmware	-	Yes
Hardware	supermicro	x10dri1	-	No
Operating System	supermicro	x10drh4_firmware	-	Yes
Hardware	supermicro	x10drh4	-	No
Operating System	supermicro	x10drh_firmware	-	Yes
Hardware	supermicro	x10drh	-	No
Operating System	supermicro	x10drgo_firmware	-	Yes
Hardware	supermicro	x10drgo	-	No
Operating System	supermicro	x10drgh_firmware	-	Yes
Hardware	supermicro	x10drgh	-	No
Operating System	supermicro	x10drg_firmware	-	Yes
Hardware	supermicro	x10drg	-	No
Operating System	supermicro	x10drfr_firmware	-	Yes
Hardware	supermicro	x10drfr	-	No
Operating System	supermicro	x10drfg_firmware	-	Yes
Hardware	supermicro	x10drfg	-	No
Operating System	supermicro	x10drff_firmware	-	Yes
Hardware	supermicro	x10drff	-	No
Operating System	supermicro	x10drdl_firmware	-	Yes
Hardware	supermicro	x10drdl	-	No
Operating System	supermicro	x10drd_firmware	-	Yes
Hardware	supermicro	x10drd	-	No
Operating System	supermicro	x10drc_firmware	-	Yes
Hardware	supermicro	x10drc	-	No
Operating System	supermicro	x10dgo_firmware	-	Yes
Hardware	supermicro	x10dgo	-	No
Operating System	supermicro	x10ddwn_firmware	-	Yes
Hardware	supermicro	x10ddwn	-	No
Operating System	supermicro	x10ddwi_firmware	-	Yes
Hardware	supermicro	x10ddwi	-	No
Operating System	supermicro	x10ddw4_firmware	-	Yes
Hardware	supermicro	x10ddw4	-	No
Operating System	supermicro	x10ddw3_firmware	-	Yes
Hardware	supermicro	x10ddw3	-	No
Operating System	supermicro	x10dax_firmware	-	Yes
Hardware	supermicro	x10dax	-	No
Operating System	supermicro	x10dali_firmware	-	Yes
Hardware	supermicro	x10dali	-	No
Operating System	supermicro	x10dal_firmware	-	Yes
Hardware	supermicro	x10dal	-	No
Operating System	supermicro	x10dai_firmware	-	Yes
Hardware	supermicro	x10dai	-	No
Operating System	supermicro	b10drt_firmware	-	Yes
Hardware	supermicro	b10drt	-	No
Operating System	supermicro	b10dri_firmware	-	Yes
Hardware	supermicro	b10dri	-	No
Operating System	supermicro	b10drg_firmware	-	Yes
Hardware	supermicro	b10drg	-	No
Operating System	supermicro	x9sae_firmware	-	Yes
Hardware	supermicro	x9sae	-	No
Operating System	supermicro	x9drth_firmware	-	Yes
Hardware	supermicro	x9drth	-	No
Operating System	supermicro	x9drgqf_firmware	-	Yes
Hardware	supermicro	x9drgqf	-	No
Operating System	supermicro	x9drffp_firmware	-	Yes
Hardware	supermicro	x9drffp	-	No
Operating System	supermicro	x9drf_firmware	-	Yes
Hardware	supermicro	x9drf	-	No
Operating System	supermicro	x9dbl_firmware	-	Yes
Hardware	supermicro	x9dbl	-	No
Operating System	supermicro	x8siu_firmware	-	Yes
Hardware	supermicro	x8siu	-	No
Operating System	supermicro	x8sit_firmware	-	Yes
Hardware	supermicro	x8sit	-	No
Operating System	supermicro	x8sil_firmware	-	Yes
Hardware	supermicro	x8sil	-	No
Operating System	supermicro	x8sie_firmware	-	Yes
Hardware	supermicro	x8sie	-	No
Operating System	supermicro	x8sia_firmware	-	Yes
Hardware	supermicro	x8sia	-	No
Operating System	supermicro	k1spi_firmware	-	Yes
Hardware	supermicro	k1spi	-	No
Operating System	supermicro	k1spes_firmware	-	Yes
Hardware	supermicro	k1spes	-	No
Operating System	supermicro	c9x299_firmware	-	Yes
Hardware	supermicro	c9x299	-	No
Operating System	supermicro	c7z97oc_firmware	-	Yes
Hardware	supermicro	c7z97oc	-	No
Operating System	supermicro	c7z97mf_firmware	-	Yes
Hardware	supermicro	c7z97mf	-	No
Operating System	supermicro	c7z87oc_firmware	-	Yes
Hardware	supermicro	c7z87oc	-	No
Operating System	supermicro	c7z370l_firmware	-	Yes
Hardware	supermicro	c7z370l	-	No
Operating System	supermicro	c7z370i_firmware	-	Yes
Hardware	supermicro	c7z370i	-	No
Operating System	supermicro	c7z270p_firmware	-	Yes
Hardware	supermicro	c7z270p	-	No
Operating System	supermicro	c7z270m_firmware	-	Yes
Hardware	supermicro	c7z270m	-	No
Operating System	supermicro	c7z270l_firmware	-	Yes
Hardware	supermicro	c7z270l	-	No
Operating System	supermicro	c7z270cg_firmware	-	Yes
Hardware	supermicro	c7z270cg	-	No
Operating System	supermicro	c7z270c_firmware	-	Yes
Hardware	supermicro	c7z270c	-	No
Operating System	supermicro	c7z170oce_firmware	-	Yes
Hardware	supermicro	c7z170oce	-	No
Operating System	supermicro	c7z170o_firmware	-	Yes
Hardware	supermicro	c7z170o	-	No
Operating System	supermicro	c7z170_firmware	-	Yes
Hardware	supermicro	c7z170	-	No
Operating System	supermicro	c7x99oc_firmware	-	Yes
Hardware	supermicro	c7x99oc	-	No
Operating System	supermicro	c7q270_firmware	-	Yes
Hardware	supermicro	c7q270	-	No
Operating System	supermicro	c7h270_firmware	-	Yes
Hardware	supermicro	c7h270	-	No
Operating System	supermicro	c7b250_firmware	-	Yes
Hardware	supermicro	c7b250	-	No
Operating System	supermicro	b1sd2tf_firmware	-	Yes
Hardware	supermicro	b1sd2tf	-	No
Operating System	supermicro	b1sa4_firmware	-	Yes
Hardware	supermicro	b1sa4	-	No
Operating System	supermicro	b1dri_firmware	-	Yes
Hardware	supermicro	b1dri	-	No
Operating System	supermicro	a2sav_firmware	-	Yes
Hardware	supermicro	a2sav	-	No
Operating System	supermicro	a2sap_firmware	-	Yes
Hardware	supermicro	a2sap	-	No
Operating System	supermicro	a2san_firmware	-	Yes
Hardware	supermicro	a2san	-	No
Operating System	supermicro	a1srm_firmware	-	Yes
Hardware	supermicro	a1srm	-	No
Operating System	supermicro	a1sam_firmware	-	Yes
Hardware	supermicro	a1sam	-	No
Operating System	supermicro	a1sai1_firmware	-	Yes
Hardware	supermicro	a1sai1	-	No
Operating System	supermicro	a1sai_firmware	-	Yes
Hardware	supermicro	a1sai	-	No
Operating System	supermicro	a1sa_firmware	-	Yes
Hardware	supermicro	a1sa	-	No

References

https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/ Third Party Advisory ([email protected])
https://www.bleepingcomputer.com/news/security/firmware-vulnerabilities-disclosed-in-supermicro-server-products/ Third Party Advisory ([email protected])
https://www.supermicro.com/support/security_Intel-SA-00088.cfm?pg=X10#tab Third Party Advisory ([email protected])
https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.bleepingcomputer.com/news/security/firmware-vulnerabilities-disclosed-in-supermicro-server-products/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.supermicro.com/support/security_Intel-SA-00088.cfm?pg=X10#tab Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)