NVD

Id
39375  
Name
CVE-2013-3608  
Description
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi.  
Reject
 
CVSS Version
2  
CVSS Score
10  
Severity
High  
CVSS Base Score
10  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-18  
Published
2013-09-07  
Modified Date
2016-11-28  
Seq
2013-3608  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
200863 39375 CVE-2013-3608 VU#648646  View
200864 39375 CVE-2013-3608 62097  View
200865 39375 CVE-2013-3608 http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf  View
200866 39375 CVE-2013-3608 http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013  View
200867 39375 CVE-2013-3608 https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
22418 JVNDB-2013-003993 複数の Supermicro デバイス製品の IPMI における任意のコマンドを実行される脆弱性 複数の Supermicro デバイス製品の Intelligent Platform Management Interface (IPMI) が実装する Web インターフェースには、任意のコマンドを実行される脆弱性が存在します。 CVE-2013-3608 63550 CVE-2013-3608 39375 10 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-003993.html 2013-08-30 2013-12-26 View