CVE-2013-3619
Supermicro Onboard IPMI Static SSL Certificate Scanner
Severity Score
8.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.
Intelligent Platform Management Interface (IPMI) con firmware para las tarjetas madres generación X9 Supermicro versiones anteriores a SMT_X9_317 y el firmware para las tarjetas madres generación X8 Supermicro versiones anteriores a la verisón SMT X8 312, contienen claves de cifrado privadas embebidas para la (1) interfaz SSL del servidor web Lighttpd y el (2) demonio Dropbear SSH.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-05-21 CVE Reserved
- 2020-01-02 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://support.citrix.com/article/CTX216642 | Third Party Advisory | |
| https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89044 | Third Party Advisory | |
| https://support.citrix.com/article/CTX216642 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf | 2020-01-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Supermicro Search vendor "Supermicro" | Smt X9 Firmware Search vendor "Supermicro" for product "Smt X9 Firmware" | < 3.15 Search vendor "Supermicro" for product "Smt X9 Firmware" and version " < 3.15" | - |
Affected
| in | Supermicro Search vendor "Supermicro" | Sh7758 Search vendor "Supermicro" for product "Sh7758" | - | - |
Safe
|
| Supermicro Search vendor "Supermicro" | Smt X8 Firmware Search vendor "Supermicro" for product "Smt X8 Firmware" | < 3.12 Search vendor "Supermicro" for product "Smt X8 Firmware" and version " < 3.12" | - |
Affected
| in | Supermicro Search vendor "Supermicro" | Sh7757 Search vendor "Supermicro" for product "Sh7757" | - | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Sdx Firmware Search vendor "Citrix" for product "Netscaler Sdx Firmware" | 10 Search vendor "Citrix" for product "Netscaler Sdx Firmware" and version "10" | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Sdx Search vendor "Citrix" for product "Netscaler Sdx" | - | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Firmware Search vendor "Citrix" for product "Netscaler Firmware" | - | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Search vendor "Citrix" for product "Netscaler" | - | - |
Safe
|
| Citrix Search vendor "Citrix" | Netscaler Sd-wan Firmware Search vendor "Citrix" for product "Netscaler Sd-wan Firmware" | - | - |
Affected
| in | Citrix Search vendor "Citrix" | Netscaler Sd-wan Search vendor "Citrix" for product "Netscaler Sd-wan" | - | - |
Safe
|