Remote Access Vulnerability in Supermicro Intelligent Platform Management Interface
CVE-2013-3609

Currently unrated

Key Information:

Vendor: Supermicro
Status: X7spt-df-d525\+; X7spa-hf-d525; H8sgl-f; X9scd-f
Vendor: CVE Published:; 8 September 2013

What is CVE-2013-3609?

The web interface of Supermicro's Intelligent Platform Management Interface (IPMI) is vulnerable due to its reliance on client-side JavaScript for authorization checks. This design flaw enables remote authenticated users to forge crafted requests that bypass access restrictions, potentially compromising the security of sensitive management features. This issue underscores the importance of server-side validation for user authentication processes, highlighting a significant security risk in the affected Supermicro devices.

References

http://www.securityfocus.com/bid/62098

vdb-entryx_refsource_BID

http://www.kb.cert.org/vuls/id/648646

third-party-advisoryx_refsource_CERT-VN

http://www.supermicro.com/products/nfo/files/IPMI/CVE_Upd...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 8, 2013
Vulnerability Reserved
May 21, 2013