← Back

CVE-2013-3609

nvd nist
Published: Sep 8, 2013Modified: Apr 29, 2026

JSON object

Loading...
10.0
Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 10.0 / Impact: 10.0
Source: NVD

Description

The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function.

Affected (133)

Products: Supermicro: H8dcl 6f, H8dcl If, H8dct Hibqf, H8dct Hln4f, H8dct Ibqf, H8dg6 F, H8dgg Qf, H8dgi F, H8dgt Hf, H8dgt Hibqf, H8dgt Hlf, H8dgt Hlibqf, H8dgu F, H8dgu Ln4f+, H8scm F, H8sgl F, H8sme F, H8sml 7, H8sml 7f, H8sml I, H8sml If, X7spa Hf, X7spa Hf D525, X7spe H D525, X7spe Hf, X7spe Hf D525, X7spt Df D525+, X8dtl 3f, X8dtl 6f, X8dtl If, X8dtn+ F, X8dtn+ F Lr, X8dtu 6f+, X8dtu 6f+ Lr, X8dtu 6tf+, X8dtu 6tf+ Lr, X8dtu Ln4f+, X8dtu Ln4f+ Lr, X8si6 F, X8sia F, X8sie F, X8sie Ln4f, X8sil F, X8sit F, X8sit Hf, X8siu F, X9dax 7f, X9dax 7f Hft, X9dax 7tf, X9dax If, X9dax If Hft, X9dax Itf, X9db3 F, X9db3 Tpf, X9dbi F, X9dbi Tpf, X9dbl 3f, X9dbl If, X9dbu 3f, X9dbu If, X9dr3 F, X9dr3 Ln4f+, X9dr7 Ln4f, X9dr7 Ln4f Jbod, X9dr7 Tf+, X9drd 7jln4f, X9drd 7ln4f, X9drd 7ln4f Jbod, X9drd Ef, X9drd If, X9dre Ln4f, X9dre Tf+, X9drff, X9drff 7+, X9drff 7g+, X9drff 7t+, X9drff 7tg+, X9drff I+, X9drff Ig+, X9drff It+, X9drff Itg+, X9drfr, X9drg Hf+, X9drg Htf+, X9drh 7f, X9drh 7tf, X9drh If, X9drh Itf, X9dri F, X9dri Ln4f+, X9drl 3f, X9drl Ef, X9drl If, X9drt F, X9drt H6f, X9drt H6ibff, X9drt H6ibqf, X9drt Hf+, X9drt Ibff, X9drt Ibqf, X9drw 3ln4f+, X9drw 3tf+, X9drw 7tpf+, X9drw Itpf+, X9drx+ F, X9qr7 Tf+, X9qr7 Tf Jbod, X9qri F+, X9sbaa F, X9sca F, X9scd F, X9sce F, X9scff F, X9sci Ln4f, X9scl F, X9scm F, X9scm Iif, X9spu F, X9srd F, X9sre 3f, X9sre F, X9srg F, X9sri 3f, X9sri F, X9srl F, X9srw F
Supermicro
126 products
H8dcl 6f
H8dcl If
H8dct Hibqf
H8dct Hln4f
H8dct Ibqf
H8dg6 F
H8dgg Qf
H8dgi F
H8dgt Hf
H8dgt Hibqf
H8dgt Hlf
H8dgt Hlibqf
H8dgu F
H8dgu Ln4f+
H8scm F
H8sgl F
H8sme F
H8sml 7
H8sml 7f
H8sml I
H8sml If
X7spa Hf
X7spa Hf D525
X7spe H D525
X7spe Hf
X7spe Hf D525
X7spt Df D525+
X8dtl 3f
X8dtl 6f
X8dtl If
X8dtn+ F
X8dtn+ F Lr
X8dtu 6f+
X8dtu 6f+ Lr
X8dtu 6tf+
X8dtu 6tf+ Lr
X8dtu Ln4f+
X8dtu Ln4f+ Lr
X8si6 F
X8sia F
X8sie F
X8sie Ln4f
X8sil F
X8sit F
X8sit Hf
X8siu F
X9dax 7f
X9dax 7f Hft
X9dax 7tf
X9dax If
X9dax If Hft
X9dax Itf
X9db3 F
X9db3 Tpf
X9dbi F
X9dbi Tpf
X9dbl 3f
X9dbl If
X9dbu 3f
X9dbu If
X9dr3 F
X9dr3 Ln4f+
X9dr7 Ln4f
X9dr7 Ln4f Jbod
X9dr7 Tf+
X9drd 7jln4f
X9drd 7ln4f
X9drd 7ln4f Jbod
X9drd Ef
X9drd If
X9dre Ln4f
X9dre Tf+
X9drff
X9drff 7+
X9drff 7g+
X9drff 7t+
X9drff 7tg+
X9drff I+
X9drff Ig+
X9drff It+
X9drff Itg+
X9drfr
X9drg Hf+
X9drg Htf+
X9drh 7f
X9drh 7tf
X9drh If
X9drh Itf
X9dri F
X9dri Ln4f+
X9drl 3f
X9drl Ef
X9drl If
X9drt F
X9drt H6f
X9drt H6ibff
X9drt H6ibqf
X9drt Hf+
X9drt Ibff
X9drt Ibqf
X9drw 3ln4f+
X9drw 3tf+
X9drw 7tpf+
X9drw Itpf+
X9drx+ F
X9qr7 Tf+
X9qr7 Tf Jbod
X9qri F+
X9sbaa F
X9sca F
X9scd F
X9sce F
X9scff F
X9sci Ln4f
X9scl F
X9scm F
X9scm Iif
X9spu F
X9srd F
X9sre 3f
X9sre F
X9srg F
X9sri 3f
X9sri F
X9srl F
X9srw F
Configuration A
133 vulnerable
Vulnerable SoftwareAffected Versions
H8dcl 6f
All versions
H8dcl If
All versions
H8dct Hibqf
All versions
H8dct Hln4f
All versions
H8dct Ibqf
All versions
H8dg6 F
All versions
H8dgg Qf
All versions
H8dgi F
All versions
H8dgt Hf
All versions
H8dgt Hibqf
All versions
H8dgt Hlf
All versions
H8dgt Hlibqf
All versions
H8dgu F
All versions
H8dgu Ln4f+
All versions
H8scm F
All versions
H8sgl F
All versions
H8sme F
All versions
H8sml 7
All versions
H8sml 7f
All versions
H8sml I
All versions
H8sml If
All versions
X7spa Hf
All versions
X7spa Hf D525
All versions
X7spe H D525
All versions
X7spe Hf
All versions
X7spe Hf D525
All versions
X7spt Df D525
All versions
X7spt Df D525+
All versions
X8dtl 3f
All versions
X8dtl 6f
All versions
X8dtl If
All versions
X8dtn+ F
All versions
X8dtn+ F Lr
All versions
X8dtu 6f+
All versions
X8dtu 6f+ Lr
All versions
X8dtu 6tf+
All versions
X8dtu 6tf+ Lr
All versions
X8dtu Ln4f+
All versions
X8dtu Ln4f+ Lr
All versions
X8si6 F
All versions
X8sia F
All versions
X8sie F
All versions
X8sie Ln4f
All versions
X8sil F
All versions
X8sit F
All versions
X8sit Hf
All versions
X8siu F
All versions
X9dax 7f
All versions
X9dax 7f Hft
All versions
X9dax 7tf
All versions
X9dax If
All versions
X9dax If Hft
All versions
X9dax Itf
All versions
X9db3 F
All versions
X9db3 Tpf
All versions
X9dbi F
All versions
X9dbi Tpf
All versions
X9dbl 3f
All versions
X9dbl If
All versions
X9dbu 3f
All versions
X9dbu If
All versions
X9dr3 F
All versions
X9dr3 Ln4f+
All versions
X9dr7 Ln4f
All versions
X9dr7 Ln4f Jbod
All versions
X9dr7 Tf+
All versions
X9drd 7jln4f
All versions
X9drd 7ln4f
All versions
X9drd 7ln4f Jbod
All versions
X9drd Ef
All versions
X9drd If
All versions
X9dre Ln4f
All versions
X9dre Tf+
All versions
X9drff
All versions
X9drff 7
All versions
X9drff 7+
All versions
X9drff 7g+
All versions
X9drff 7t+
All versions
X9drff 7tg+
All versions
X9drff I+
All versions
X9drff Ig+
All versions
X9drff It+
All versions
X9drff Itg+
All versions
X9drfr
All versions
X9drg Hf
All versions
X9drg Hf+
All versions
X9drg Htf
All versions
X9drg Htf+
All versions
X9drh 7f
All versions
X9drh 7tf
All versions
X9drh If
All versions
X9drh Itf
All versions
X9dri F
All versions
X9dri Ln4f+
All versions
X9drl 3f
All versions
X9drl Ef
All versions
X9drl If
All versions
X9drt F
All versions
X9drt H6f
All versions
X9drt H6ibff
All versions
X9drt H6ibqf
All versions
X9drt Hf+
All versions
X9drt Ibff
All versions
X9drt Ibqf
All versions
X9drw 3ln4f+
All versions
X9drw 3tf+
All versions
X9drw 7tpf+
All versions
X9drw Itpf+
All versions
X9drx+ F
All versions
X9qr7 Tf
All versions
X9qr7 Tf+
All versions
X9qr7 Tf Jbod
All versions
X9qri F
All versions
X9qri F+
All versions
X9sbaa F
All versions
X9sca F
All versions
X9scd F
All versions
X9sce F
All versions
X9scff F
All versions
X9sci Ln4f
All versions
X9scl+ F
All versions
X9scl F
All versions
X9scm F
All versions
X9scm Iif
All versions
X9spu F
All versions
X9srd F
All versions
X9sre 3f
All versions
X9sre F
All versions
X9srg F
All versions
X9sri 3f
All versions
X9sri F
All versions
X9srl F
All versions
X9srw F
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

Source: cret@cert.org
US Government Resource
Source: cret@cert.org
Source: cret@cert.org
Source: cret@cert.org
Source: cret@cert.org
Source: cret@cert.org
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit

Timeline

No history available yet.