Stack-Based Buffer Overflow in Supermicro X9 Motherboards' IPMI Web Interface
CVE-2013-3623

Currently unrated

Key Information:

Vendor: Supermicro
Status: Intelligent Platform Management Firmware
Vendor: CVE Published:; 10 December 2013

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 81%

What is CVE-2013-3623?

Multiple stack-based buffer overflows exist in the web interface of the Intelligent Platform Management Interface (IPMI) for Supermicro X9 generation motherboards. Specifically, vulnerabilities are triggered via the sess_sid or ACT parameters, allowing remote attackers to execute arbitrary code. This flaw affects firmware versions prior to 3.15, posing significant security risks if exploited.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2013-3623
Created by Rapid7

References

http://www.exploit-db.com/exploits/29666

exploitx_refsource_EXPLOIT-DB

http://www.supermicro.com/products/nfo/files/IPMI/CVE_Upd...

x_refsource_CONFIRM

https://community.rapid7.com/community/metasploit/blog/20...

x_refsource_MISC

EPSS Score

81% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2013
🟡
Public PoC available
Nov 7, 2013
👾
Exploit known to exist
Nov 7, 2013
Vulnerability Reserved
May 21, 2013