Stack-based Buffer Overflow in Supermicro IPMI Web Interface
CVE-2013-3607

Currently unrated

Key Information:

Vendor: Supermicro
Status: X7spt-df-d525\+; X7spa-hf-d525; H8sgl-f; X9scd-f
Vendor: CVE Published:; 8 September 2013

What is CVE-2013-3607?

Multiple stack-based buffer overflows have been identified in the web interface of the Intelligent Platform Management Interface (IPMI) on various Supermicro devices. These vulnerabilities allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC) by exploiting overflow conditions in user input fields such as the username and password in the login interface. Immediate action is recommended to mitigate potential breaches.

References

http://www.securityfocus.com/bid/62094

vdb-entryx_refsource_BID

http://www.kb.cert.org/vuls/id/648646

third-party-advisoryx_refsource_CERT-VN

http://www.supermicro.com/products/nfo/files/IPMI/CVE_Upd...

x_refsource_CONFIRM

EPSS Score

14% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 8, 2013
Vulnerability Reserved
May 21, 2013