Remote Code Execution Vulnerability in Supermicro IPMI Firmware
CVE-2013-3622

Currently unrated

Key Information:

Vendor: Supermicro
Status: Intelligent Platform Management Firmware
Vendor: CVE Published:; 10 December 2013

What is CVE-2013-3622?

A buffer overflow vulnerability exists in the logout.cgi component of the Intelligent Platform Management Interface (IPMI) on Supermicro X9 generation motherboards. This flaw affects firmware versions prior to 3.15 (SMT_X9_315), allowing remote authenticated users to exploit the vulnerability via the SID parameter. Successful exploitation can lead to arbitrary code execution on the affected system, posing significant security risks to the integrity and availability of the affected devices.

References

http://www.securityfocus.com/bid/64259

vdb-entryx_refsource_BID

https://community.rapid7.com/community/metasploit/blog/20...

x_refsource_MISC

https://support.citrix.com/article/CTX216642

x_refsource_CONFIRM

EPSS Score

5% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2013
Vulnerability Reserved
May 21, 2013