{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-08-13T00:00:00", "descriptions": [{"lang": "en", "value": "The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-14T10:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "62098", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/62098"}, {"name": "VU#648646", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/648646"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf"}, {"tags": ["x_refsource_MISC"], "url": "http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.citrix.com/article/CTX216642"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2013-3609", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "62098", "refsource": "BID", "url": "http://www.securityfocus.com/bid/62098"}, {"name": "VU#648646", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/648646"}, {"name": "http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf", "refsource": "CONFIRM", "url": "http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf"}, {"name": "https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf", "refsource": "MISC", "url": "https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf"}, {"name": "http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013", "refsource": "MISC", "url": "http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013"}, {"name": "https://support.citrix.com/article/CTX216642", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX216642"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:14:56.568Z"}, "title": "CVE Program Container", "references": [{"name": "62098", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/62098"}, {"name": "VU#648646", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/648646"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.citrix.com/article/CTX216642"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2013-3609", "datePublished": "2013-09-08T01:00:00", "dateReserved": "2013-05-21T00:00:00", "dateUpdated": "2024-08-06T16:14:56.568Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:supermicro:h8dcl-6f:-:*:*:*:*:*:*:*", "matchCriteriaId": "23F574AF-FC1C-453C-A8FB-C11F42ED8E77", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:h8dcl-if:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B966320-9479-48D4-9C08-0C5BC655588D", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:h8dct-hibqf:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C252A3D-C2F1-4E15-8CEA-ED86C550EBB6", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:h8dct-hln4f:-:*:*:*:*:*:*:*", "matchCriteriaId": "502A47AC-064C-49FE-AC9C-50D0C1B62DA2", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:h8dct-ibqf:-:*:*:*:*:*:*:*", "matchCriteriaId": "AFB18D39-D5F9-4F4E-8FA7-F0FF7F896564", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:h8dg6-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "797EFABC-8823-4B42-8FA1-A26CF406166B", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:h8dgg-qf:-:*:*:*:*:*:*:*", "matchCriteriaId": "978262CA-7C6A-4F3D-9480-A08230E30EB8", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:h8dgi-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "F113C555-5E90-4458-9C30-79C3EBB8E917", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:h8dgt-hf:-:*:*:*:*:*:*:*", "matchCriteriaId": "C8551A73-5B20-44D5-BC9C-11F18F40C055", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:h8dgt-hibqf:-:*:*:*:*:*:*:*", "matchCriteriaId": "2EEBE2CB-7349-4A9A-838F-7E4220BF74E1", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:h8dgt-hlf:-:*:*:*:*:*:*:*", "matchCriteriaId": "39DEF117-ED63-42DF-A4E6-0A019BE82968", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:h8dgt-hlibqf:-:*:*:*:*:*:*:*", "matchCriteriaId": "4A873933-3F6C-4EC0-8AB2-8B0DFCB7424F", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:h8dgu-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "BCAA5397-D28D-4817-AC21-F0D0DEA95489", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:h8dgu-ln4f\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "35AE93B7-C3D1-45A8-9D2C-9DB7101AAECD", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:h8scm-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "4CCF563E-6A20-4F99-80FB-1BED5149E8C3", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:h8sgl-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB097280-76E6-4DBE-BD2F-DDE3C9DBD734", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:h8sme-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "36ACA455-CB46-4B0E-9F5B-86508907323C", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:h8sml-7:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A159DCC-D2F7-4409-B842-027100794679", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:h8sml-7f:-:*:*:*:*:*:*:*", "matchCriteriaId": "A34630C1-5B6A-46BD-BD0A-A1DED08003E8", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:h8sml-i:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A5024C-F341-4DD6-ABCF-B9259937732C", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:h8sml-if:-:*:*:*:*:*:*:*", "matchCriteriaId": "C09A30A7-C88C-4365-8D24-BFAB1EEF53F5", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x7spa-hf:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D060E9B-0967-49E1-958B-B4557BC2634A", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x7spa-hf-d525:-:*:*:*:*:*:*:*", "matchCriteriaId": "6596C3C0-9DAC-43AF-9185-51E16096BAEC", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x7spe-h-d525:-:*:*:*:*:*:*:*", "matchCriteriaId": "C05C4617-F33D-40F0-8271-C4FE1578BAF8", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x7spe-hf:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FF4ECC2-7EF8-4150-AB45-D30B88BE884C", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x7spe-hf-d525:-:*:*:*:*:*:*:*", "matchCriteriaId": "61EB064B-5A03-4D54-BB55-15AA35B44668", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x7spt-df-d525:-:*:*:*:*:*:*:*", "matchCriteriaId": "70E3EFB3-9E87-4C5C-B84D-F9A9AAFFED45", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x7spt-df-d525\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F8C8686-ABA2-466F-8309-D483F128CE0C", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x8dtl-3f:-:*:*:*:*:*:*:*", "matchCriteriaId": "C82B90F8-3E33-47E5-8D65-92BF39E7091D", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x8dtl-6f:-:*:*:*:*:*:*:*", "matchCriteriaId": "C681E3DA-6BBB-40C9-B37F-0D37A4EC5DEB", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x8dtl-if:-:*:*:*:*:*:*:*", "matchCriteriaId": "35FD83D9-1F28-454F-9221-9CF69F8730E6", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x8dtn\\+-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "47EA3F5D-38B1-4D3F-BA3B-C03598124119", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x8dtn\\+-f-lr:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDD772BE-13CE-48F7-A24F-28825060561E", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x8dtu-6f\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "C38C112C-52D0-4D29-8FF6-298AD01B981C", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x8dtu-6f\\+-lr:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2D46200-C176-49FE-AB45-CD1706355A56", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x8dtu-6tf\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "95798443-906A-445B-8CB7-9FAE8223AAE5", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x8dtu-6tf\\+-lr:-:*:*:*:*:*:*:*", "matchCriteriaId": "82286D8E-632D-440A-BF94-94331B195222", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x8dtu-ln4f\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "24D640B1-0DED-4CF0-AD43-AFFEBE953157", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x8dtu-ln4f\\+-lr:-:*:*:*:*:*:*:*", "matchCriteriaId": "736B9BD0-E764-4321-A1A5-C8875147F701", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x8si6-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "0490EB39-70EA-494C-855C-6698B65421FF", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x8sia-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "F62BC3F2-FCDD-41F6-90F1-1F75273BF4DB", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x8sie-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DB343D9-AA39-4837-AE84-CF8EC50B758A", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x8sie-ln4f:-:*:*:*:*:*:*:*", "matchCriteriaId": "65D600FF-CA39-40C0-8535-E39971E5C34A", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x8sil-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E690BCC-685E-4A3C-9F30-C0429B6591FC", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x8sit-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "672B902B-C4B1-4E10-AE16-34C562029D1C", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x8sit-hf:-:*:*:*:*:*:*:*", "matchCriteriaId": "44BE8D56-4810-470E-B284-CCD1D92736F4", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x8siu-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "45003169-49AF-4CA0-8E44-0137476D0352", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9dax-7f:-:*:*:*:*:*:*:*", "matchCriteriaId": "2F84B957-6385-4533-B8B0-B252B695721A", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9dax-7f-hft:-:*:*:*:*:*:*:*", "matchCriteriaId": "A977F207-190D-48ED-AC31-A9D500114F2D", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9dax-7tf:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F77C1AD-12C9-492B-82B9-A5469182FEEC", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9dax-if:-:*:*:*:*:*:*:*", "matchCriteriaId": "B111BB68-F4D3-471D-8B99-EE4AED27974A", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9dax-if-hft:-:*:*:*:*:*:*:*", "matchCriteriaId": "39C2D975-2AEF-4083-820D-356D846DDC59", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9dax-itf:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6499489-EFEA-4C8E-B5F5-56F92DF25F2C", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9db3-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "E03A480E-8EE9-4040-B1C6-3E60EBD010BA", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9db3-tpf:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB68F879-2E55-4D12-8259-13C37004FB33", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9dbi-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B3B0FFF-0C52-4199-B0FB-0A16DCA5D51B", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9dbi-tpf:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF5D8C2C-683C-4670-9878-B879AAABD54D", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9dbl-3f:-:*:*:*:*:*:*:*", "matchCriteriaId": "56F818CA-1CB3-48B2-BED0-99C09A6F8259", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9dbl-if:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D30206F-EA8A-4EA8-87CB-D6A47F4B75CA", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9dbu-3f:-:*:*:*:*:*:*:*", "matchCriteriaId": "4401E676-3E1D-431E-ABAF-89BC9CAC64D5", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9dbu-if:-:*:*:*:*:*:*:*", "matchCriteriaId": "F67D8D5E-439D-45E2-A0BB-40EB60DCC0D8", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9dr3-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9C27D83-5E57-4B7B-B765-B41AAA004C74", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9dr3-ln4f\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2D1E2A1-71CA-48F0-8A91-E0AD896D4106", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9dr7-ln4f:-:*:*:*:*:*:*:*", "matchCriteriaId": "77777CE0-0095-4318-A194-D14CF4D699CC", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9dr7-ln4f-jbod:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC43CCB5-7842-4BD3-B2DB-597815E129CA", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9dr7-tf\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "767854D0-2DE0-4628-B6D7-18161F471718", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drd-7jln4f:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2EF8A1A-3BBC-44DB-8469-14B71495E8AC", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drd-7ln4f:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4102B60-86D2-42AC-86A9-0F690CDA0970", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drd-7ln4f-jbod:-:*:*:*:*:*:*:*", "matchCriteriaId": "097802C6-25DA-4D55-84E7-10B4E5CC59F4", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drd-ef:-:*:*:*:*:*:*:*", "matchCriteriaId": "56C269C6-B569-493E-8D29-CE16C03CCA4F", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drd-if:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBA6459A-758D-46D4-89F4-E4DE71FF48E2", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9dre-ln4f:-:*:*:*:*:*:*:*", "matchCriteriaId": "A91DEEFA-BFD4-4EBD-828A-02BBE4CA3F33", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9dre-tf\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0853B35-F437-41D3-8126-0C51A788CDCA", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drff:-:*:*:*:*:*:*:*", "matchCriteriaId": "08F263B5-4723-4153-A751-78F539A3C64A", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drff-7:-:*:*:*:*:*:*:*", "matchCriteriaId": "97B9DE20-58F4-4EED-950F-FF8E07313D9D", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drff-7\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "DFE8879B-78B1-4372-BD32-C09B6EE083DE", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drff-7g\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "F26B68A6-66A9-4272-B6AE-ADCF0DE1733E", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drff-7t\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "4A99DE11-2E42-4C5C-9CD2-1B035EC8F0DE", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drff-7tg\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "C56CCB73-97FB-4F81-8D9E-2F441364AD22", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drff-i\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "D77595EF-70F4-41DD-85CF-D866AA4B3988", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drff-ig\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB6BEBA8-B432-45BB-8756-AFC6123404B0", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drff-it\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "E98461CD-D04C-4C72-9F44-EEF0A5C60D26", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drff-itg\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "71C18651-C28F-459B-B055-A01EE6E81A0D", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drfr:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E124B14-05FE-48AB-9364-48EC03276569", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drg-hf:-:*:*:*:*:*:*:*", "matchCriteriaId": "19D244DE-3A8D-40AF-8151-21886264F62D", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drg-hf\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F154DE4-6D89-46ED-A32D-FB6DA29908B1", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drg-htf:-:*:*:*:*:*:*:*", "matchCriteriaId": "165E5734-ED3F-4EF8-9737-BF0BA8FD45D3", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drg-htf\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "3DA5EBA4-E2E4-47D5-9B74-DC38BF7982E7", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drh-7f:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E9B93D2-0F82-410E-8936-CCEDD25E7B47", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drh-7tf:-:*:*:*:*:*:*:*", "matchCriteriaId": "58F60960-266E-487C-8F07-4498A6E3EA77", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drh-if:-:*:*:*:*:*:*:*", "matchCriteriaId": "09D477E3-C042-47EE-B43F-03FF4903E2C2", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drh-itf:-:*:*:*:*:*:*:*", "matchCriteriaId": "496EED07-44EA-4E2A-8846-74227DB432A0", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9dri-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC056CAA-FE35-48DF-864E-3457E9ED6B4D", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9dri-ln4f\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "D29B97C2-5B79-4743-B5AF-77D674835E8F", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drl-3f:-:*:*:*:*:*:*:*", "matchCriteriaId": "86F84B46-E273-44A6-A89D-4E5E47BDAFAE", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drl-ef:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3621F0A-8C0A-4CB3-A1F3-A7416794D185", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drl-if:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA297408-C2FB-45B6-894E-0D491F2E541C", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drt-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "10283C29-ABEF-416A-A45D-BE7EFBB6891E", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drt-h6f:-:*:*:*:*:*:*:*", "matchCriteriaId": "A4B20A3D-E691-4870-953C-5F85CAB5B3AB", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drt-h6ibff:-:*:*:*:*:*:*:*", "matchCriteriaId": "40C88C46-1716-4E4C-8C2A-AC21697E31AF", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drt-h6ibqf:-:*:*:*:*:*:*:*", "matchCriteriaId": "363937AB-EBBD-466D-A9FA-CD70B083D806", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drt-hf\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8D160E0-CB6D-4EAB-87F8-DD5A54AEE993", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drt-ibff:-:*:*:*:*:*:*:*", "matchCriteriaId": "50932978-66A9-4F67-92D1-35E7FA9B4653", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drt-ibqf:-:*:*:*:*:*:*:*", "matchCriteriaId": "08DE585E-EEBE-4DB2-AF04-16038E8B2A0D", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drw-3ln4f\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "683BBAE2-89D5-4241-A981-8D7A9D8ECB9E", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drw-3tf\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "7437EDE5-2D70-4A46-B749-2CF13FD1B86B", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drw-7tpf\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "697C2608-7FD5-4A5B-8E09-1A68DDEBA73E", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drw-itpf\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D5D8E27-2613-4004-ACE4-B7F8643F7095", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9drx\\+-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F94922A-A450-4D24-83BB-C3A55CC803D3", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9qr7-tf:-:*:*:*:*:*:*:*", "matchCriteriaId": "096BE775-0410-4143-AA3C-DE2F70753802", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9qr7-tf\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "47A44372-6B5E-4DB5-AD22-97B80475048B", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9qr7-tf-jbod:-:*:*:*:*:*:*:*", "matchCriteriaId": "91B5AF2A-069C-4D87-89E5-11A4CE544F27", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9qri-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "84CF273B-3845-48D3-824E-6898ABD4FC53", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9qri-f\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "1BAEE806-A1B6-40C8-BBA6-61AB180E3276", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9sbaa-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "56BDF1AE-04B9-402A-AFD5-64FFAECCE5D2", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9sca-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B3E956A-57C6-46F4-A9EA-CC5F848BB9C7", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9scd-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "7D19365C-7125-4EA9-A8EF-02A02ACF85A0", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9sce-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DA2CE72-088B-4CA6-894D-427CC4F2B6E4", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9scff-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "C2682D17-6376-4724-B434-0989FC2221A7", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9sci-ln4f:-:*:*:*:*:*:*:*", "matchCriteriaId": "83C1C92F-AC9D-44A2-BD07-6ED22EF5C00B", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9scl\\+-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E984C99-B5D5-489D-8E90-5472210686BB", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9scl-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C21D472-2364-4809-89B7-651CA25123BD", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9scm-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5FCB9C0-8665-4850-A01C-0D1C47F34DE0", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9scm-iif:-:*:*:*:*:*:*:*", "matchCriteriaId": "002C6967-4CCC-43B9-A687-B9B21533098E", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9spu-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "DFAD56B7-8887-4AA8-9DB4-9DD1F5974DDB", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9srd-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "138F57C5-269C-4963-80EA-F1F08AB4B6D3", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9sre-3f:-:*:*:*:*:*:*:*", "matchCriteriaId": "B09BF315-D3D9-46C7-8FED-C24496FF57CC", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9sre-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "35D289D8-FF90-4CDD-ADF5-EB5C70AC0CB4", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9srg-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "DBDDAAF7-FA47-41E5-8722-08AAE9049C29", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9sri-3f:-:*:*:*:*:*:*:*", "matchCriteriaId": "D26AE08D-9A49-4E92-A1A9-81502BE94B7C", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9sri-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "08A87A49-9B28-49EF-ABC3-2A69FB39C0D0", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9srl-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "3047CD31-5589-4030-B31A-3E4EDF251986", "vulnerable": true}, {"criteria": "cpe:2.3:h:supermicro:x9srw-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "CAC06352-2CB3-472C-BE76-A6995415EF47", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function."}, {"lang": "es", "value": "La interfaz web en la implementaci\u00f3n Intelligent Platform Management Interface (IPMI) en dispositivos Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F y X9SR* confie en el c\u00f3digo JavaScript en el cliente para comprobaciones de autorizaci\u00f3n, lo que permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso a trav\u00e9s de una solicitud manipulada, relacionado con la funci\u00f3n PrivilegeCallBack."}], "id": "CVE-2013-3609", "lastModified": "2024-11-21T01:53:58.910", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-09-08T03:17:39.603", "references": [{"source": "cret@cert.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/648646"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/62098"}, {"source": "cret@cert.org", "url": "http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf"}, {"source": "cret@cert.org", "url": "http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013"}, {"source": "cret@cert.org", "url": "https://support.citrix.com/article/CTX216642"}, {"source": "cret@cert.org", "tags": ["Exploit"], "url": "https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/648646"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/62098"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.citrix.com/article/CTX216642"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}