Description
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi.
Published: 2013-09-08
Score: 10.0 Critical
EPSS: 1.9% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2013-3542 The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi.
History

No history.

Subscriptions

Supermicro H8dcl-6f H8dcl-if H8dct-hibqf H8dct-hln4f H8dct-ibqf H8dg6-f H8dgg-qf H8dgi-f H8dgt-hf H8dgt-hibqf H8dgt-hlf H8dgt-hlibqf H8dgu-f H8dgu-ln4f\+ H8scm-f H8sgl-f H8sme-f H8sml-7 H8sml-7f H8sml-i H8sml-if X7spa-hf X7spa-hf-d525 X7spe-h-d525 X7spe-hf X7spe-hf-d525 X7spt-df-d525 X7spt-df-d525\+ X8dtl-3f X8dtl-6f X8dtl-if X8dtn\+-f X8dtn\+-f-lr X8dtu-6f\+ X8dtu-6f\+-lr X8dtu-6tf\+ X8dtu-6tf\+-lr X8dtu-ln4f\+ X8dtu-ln4f\+-lr X8si6-f X8sia-f X8sie-f X8sie-ln4f X8sil-f X8sit-f X8sit-hf X8siu-f X9dax-7f X9dax-7f-hft X9dax-7tf X9dax-if X9dax-if-hft X9dax-itf X9db3-f X9db3-tpf X9dbi-f X9dbi-tpf X9dbl-3f X9dbl-if X9dbu-3f X9dbu-if X9dr3-f X9dr3-ln4f\+ X9dr7-ln4f X9dr7-ln4f-jbod X9dr7-tf\+ X9drd-7jln4f X9drd-7ln4f X9drd-7ln4f-jbod X9drd-ef X9drd-if X9dre-ln4f X9dre-tf\+ X9drff X9drff-7 X9drff-7\+ X9drff-7g\+ X9drff-7t\+ X9drff-7tg\+ X9drff-i\+ X9drff-ig\+ X9drff-it\+ X9drff-itg\+ X9drfr X9drg-hf X9drg-hf\+ X9drg-htf X9drg-htf\+ X9drh-7f X9drh-7tf X9drh-if X9drh-itf X9dri-f X9dri-ln4f\+ X9drl-3f X9drl-ef X9drl-if X9drt-f X9drt-h6f X9drt-h6ibff X9drt-h6ibqf X9drt-hf\+ X9drt-ibff X9drt-ibqf X9drw-3ln4f\+ X9drw-3tf\+ X9drw-7tpf\+ X9drw-itpf\+ X9drx\+-f X9qr7-tf X9qr7-tf-jbod X9qr7-tf\+ X9qri-f X9qri-f\+ X9sbaa-f X9sca-f X9scd-f X9sce-f X9scff-f X9sci-ln4f X9scl-f X9scl\+-f X9scm-f X9scm-iif X9spu-f X9srd-f X9sre-3f X9sre-f X9srg-f X9sri-3f X9sri-f X9srl-f X9srw-f
cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2024-08-06T16:14:56.542Z

Reserved: 2013-05-21T00:00:00.000Z

Link: CVE-2013-3608

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-09-08T03:17:39.587

Modified: 2026-04-29T01:13:23.040

Link: CVE-2013-3608

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses