CVE-2013-3620

Current Description

Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312.

Basic Data

PublishedJanuary 02, 2020
Last ModifiedJanuary 14, 2020
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-522
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score5.0
SeverityMEDIUM
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSSupermicroSmt X9 Firmware********3.15
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareSupermicroSh7758-*******
  • AND
    • OR - Configuration 2
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSSupermicroSmt X8 Firmware********3.12
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareSupermicroSh7757-*******
  • AND
    • OR - Configuration 3
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSCitrixNetscaler Sdx Firmware10*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareCitrixNetscaler Sdx-*******
  • AND
    • OR - Configuration 4
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSCitrixNetscaler Firmware-*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareCitrixNetscaler-*******
  • AND
    • OR - Configuration 5
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSCitrixNetscaler Sd-wan Firmware-*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareCitrixNetscaler Sd-wan-*******

Vulnerable Software List

VendorProductVersions
Supermicro Smt X9 Firmware *
Supermicro Smt X8 Firmware *
Citrix Netscaler Sdx Firmware 10
Citrix Netscaler Firmware -
Citrix Netscaler Sd-wan Firmware -

References

NameSourceURLTags
https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdfCONFIRMhttps://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdfVendor Advisory Third Party Advisory Third Party Advisory Third Party Advisory Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/89045MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/89045VDB Entry
https://support.citrix.com/article/CTX216642CONFIRMhttps://support.citrix.com/article/CTX216642
http://support.citrix.com/article/CTX216642CONFIRMhttp://support.citrix.com/article/CTX216642
https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilitiesMISChttps://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities