SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2013-3619

Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 8.1		CVSS Score : 4.3
Exploit Score: 2.2		Exploit Score: 8.6
Impact Score: 5.9		Impact Score: 2.9

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: HIGH		Access Complexity: MEDIUM
Privileges Required: NONE		Authentication: NONE
User Interaction: NONE		Confidentiality: PARTIAL
Scope: UNCHANGED		Integrity: NONE
Confidentiality: HIGH		Availability: NONE
Integrity: HIGH
Availability: HIGH

Reference:

http://support.citrix.com/article/CTX216642

https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities

https://exchange.xforce.ibmcloud.com/vulnerabilities/89044

https://support.citrix.com/article/CTX216642

https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf


30481



423868



256148



909



199106



282