Vulnerability-Lookup

CVE-2013-3619 (GCVE-0-2013-3619)

Vulnerability from cvelistv5 – Published: 2020-01-02 17:51 – Updated: 2024-08-06 16:14

Summary

Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.

Severity ?

No CVSS data available.

CWE

Other

Assigner

certcc

References

URL

	Vendor	Product	Version
	Supermicro	IPMI	Affected: before SMT_X9_317 and before SMT X8 312

CERTFR-2016-AVI-303

Vulnerability from certfr_avis - Published: 2016-09-09 - Updated: 2016-09-09

De multiples vulnérabilités ont été corrigées dans les produits Citrix. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	XenServer	Citrix XenServer version 6.0 sans le correctif de sécurité XS60E063
Citrix	NetScaler	Micrologiciel LOM versions antérieures à 3.39 pour solutions matérielles embarquées NetScaler MPX/SDX de type 11500/13500/14500/16500/18500/20500, 115xx, 17550/19550/20550/21550 et T1110, ainsi que CloudBridge CB4000 et CB5000
Citrix	XenServer	Citrix XenServer version 6.2 SP1 sans le correctif de sécurité XS62ESP1048
Citrix	XenServer	Citrix XenServer version 6.1 sans le correctif de sécurité XS61E073
Citrix	NetScaler	Micrologiciel LOM versions antérieures à 4.08 pour solutions matérielles embarquées NetScaler MPX/SDX de type 14xxx, 25xxx, T1120 et T1300
Citrix	XenServer	Citrix XenServer version 6.0.2 Common Criteria sans le correctif de sécurité XS602ECC034
Citrix	NetScaler	Micrologiciel LOM versions antérieures à 3.21 pour solutions matérielles embarquées NetScaler MPX/SDX de type 8xxx et T1010, ainsi que CloudBridge CB2000 et CB3000
Citrix	XenServer	Citrix XenServer version 6.0.2 sans le correctif de sécurité XS602E057
Citrix	XenServer	Citrix XenServer version 6.5 SP1 sans le correctif de sécurité XS65ESP1038
Citrix	XenServer	Citrix XenServer version 7.0 sans le correctif de sécurité XS70E012
Citrix	NetScaler	Micrologiciel LOM versions antérieures à 3.24 pour solutions matérielles embarquées NetScaler de type 22xxx et T1200

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX216071 du 08 septembre 2016	None	vendor-advisory
Bulletin de sécurité Citrix CTX216642 du 08 septembre 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix XenServer version 6.0 sans le correctif de s\u00e9curit\u00e9 XS60E063",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Micrologiciel LOM versions ant\u00e9rieures \u00e0 3.39 pour solutions mat\u00e9rielles embarqu\u00e9es NetScaler MPX/SDX de type 11500/13500/14500/16500/18500/20500, 115xx, 17550/19550/20550/21550 et T1110, ainsi que CloudBridge CB4000 et CB5000",
      "product": {
        "name": "NetScaler",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer version 6.2 SP1 sans le correctif de s\u00e9curit\u00e9 XS62ESP1048",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer version 6.1 sans le correctif de s\u00e9curit\u00e9 XS61E073",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Micrologiciel LOM versions ant\u00e9rieures \u00e0 4.08 pour solutions mat\u00e9rielles embarqu\u00e9es NetScaler MPX/SDX de type 14xxx, 25xxx, T1120 et T1300",
      "product": {
        "name": "NetScaler",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer version 6.0.2 Common Criteria sans le correctif de s\u00e9curit\u00e9 XS602ECC034",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Micrologiciel LOM versions ant\u00e9rieures \u00e0 3.21 pour solutions mat\u00e9rielles embarqu\u00e9es NetScaler MPX/SDX de type 8xxx et T1010, ainsi que CloudBridge CB2000 et CB3000",
      "product": {
        "name": "NetScaler",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer version 6.0.2 sans le correctif de s\u00e9curit\u00e9 XS602E057",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer version 6.5 SP1 sans le correctif de s\u00e9curit\u00e9 XS65ESP1038",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer version 7.0 sans le correctif de s\u00e9curit\u00e9 XS70E012",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Micrologiciel LOM versions ant\u00e9rieures \u00e0 3.24 pour solutions mat\u00e9rielles embarqu\u00e9es NetScaler de type 22xxx et T1200",
      "product": {
        "name": "NetScaler",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3566"
    },
    {
      "name": "CVE-2015-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
    },
    {
      "name": "CVE-2016-7094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7094"
    },
    {
      "name": "CVE-2015-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
    },
    {
      "name": "CVE-2015-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
    },
    {
      "name": "CVE-2013-4434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4434"
    },
    {
      "name": "CVE-2014-3570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3570"
    },
    {
      "name": "CVE-2015-0288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0288"
    },
    {
      "name": "CVE-2016-7093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7093"
    },
    {
      "name": "CVE-2014-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3509"
    },
    {
      "name": "CVE-2015-4000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4000"
    },
    {
      "name": "CVE-2014-3567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3567"
    },
    {
      "name": "CVE-2015-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
    },
    {
      "name": "CVE-2016-7154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7154"
    },
    {
      "name": "CVE-2013-3619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3619"
    },
    {
      "name": "CVE-2015-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
    },
    {
      "name": "CVE-2015-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
    },
    {
      "name": "CVE-2013-3622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3622"
    },
    {
      "name": "CVE-2014-3511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3511"
    },
    {
      "name": "CVE-2014-3568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3568"
    },
    {
      "name": "CVE-2016-7092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7092"
    },
    {
      "name": "CVE-2015-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0204"
    },
    {
      "name": "CVE-2015-0293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0293"
    },
    {
      "name": "CVE-2013-4421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4421"
    },
    {
      "name": "CVE-2015-0287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
    },
    {
      "name": "CVE-2013-3608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3608"
    },
    {
      "name": "CVE-2014-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8275"
    },
    {
      "name": "CVE-2015-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0205"
    },
    {
      "name": "CVE-2013-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3620"
    },
    {
      "name": "CVE-2013-3609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3609"
    },
    {
      "name": "CVE-2015-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0209"
    },
    {
      "name": "CVE-2014-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3572"
    },
    {
      "name": "CVE-2014-3508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3508"
    },
    {
      "name": "CVE-2014-3569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3569"
    },
    {
      "name": "CVE-2013-3607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3607"
    },
    {
      "name": "CVE-2013-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3621"
    },
    {
      "name": "CVE-2013-3623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3623"
    }
  ],
  "initial_release_date": "2016-09-09T00:00:00",
  "last_revision_date": "2016-09-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-303",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-09-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Citrix\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX216071 du 08 septembre 2016",
      "url": "http://support.citrix.com/article/CTX216071"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX216642 du 08 septembre 2016",
      "url": "http://support.citrix.com/article/CTX216642"
    }
  ]
}

FKIE_CVE-2013-3619

Vulnerability from fkie_nvd - Published: 2020-01-02 18:15 - Updated: 2024-11-21 01:53

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cret@cert.org	http://support.citrix.com/article/CTX216642	Third Party Advisory
cret@cert.org	https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities	Third Party Advisory
cret@cert.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/89044	Third Party Advisory, VDB Entry
cret@cert.org	https://support.citrix.com/article/CTX216642	Third Party Advisory
cret@cert.org	https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.citrix.com/article/CTX216642	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/89044	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.citrix.com/article/CTX216642	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf	Vendor Advisory

Impacted products

Vendor	Product	Version
supermicro	smt_x9_firmware	*
supermicro	sh7758	-
supermicro	smt_x8_firmware	*
supermicro	sh7757	-
citrix	netscaler_sdx_firmware	10
citrix	netscaler_sdx	-
citrix	netscaler_firmware	-
citrix	netscaler	-
citrix	netscaler_sd-wan_firmware	-
citrix	netscaler_sd-wan	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:supermicro:smt_x9_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D50B9FF8-6218-48D5-90EE-C99DBF0C2698",
              "versionEndExcluding": "3.15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:supermicro:sh7758:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3AA07B1-74D3-4C85-B975-75E72227AC67",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:supermicro:smt_x8_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15E37AF-871A-4C10-9E96-371616F37850",
              "versionEndExcluding": "3.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:supermicro:sh7757:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "381D2687-753A-409A-BAD9-EFC0CFBFB50A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:citrix:netscaler_sdx_firmware:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D08883C-7070-4E44-8DDA-CB08D7E14C29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:citrix:netscaler_sdx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8968E39A-1E16-4B7F-A16A-190EBC20D04F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:citrix:netscaler_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6739C8CD-87C3-46B0-B377-DE350D5361D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:citrix:netscaler:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC4B3A1D-BD3D-412F-BE63-71F297525FD4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:citrix:netscaler_sd-wan_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4047155D-AB45-49EA-AB67-AA20BE1958DE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:citrix:netscaler_sd-wan:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "66132F6C-592F-4464-9A94-E3412A099B3D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon."
    },
    {
      "lang": "es",
      "value": "Intelligent Platform Management Interface (IPMI) con firmware para las tarjetas madres generaci\u00f3n X9 Supermicro versiones anteriores a SMT_X9_317 y el firmware para las tarjetas madres generaci\u00f3n X8 Supermicro versiones anteriores a la veris\u00f3n  SMT X8 312, contienen claves de cifrado privadas embebidas para la (1) interfaz SSL del servidor web Lighttpd y el (2) demonio Dropbear SSH."
    }
  ],
  "id": "CVE-2013-3619",
  "lastModified": "2024-11-21T01:53:59.960",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-02T18:15:11.323",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.citrix.com/article/CTX216642"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89044"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX216642"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.citrix.com/article/CTX216642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX216642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-9X36-HP8R-PF6P

Vulnerability from github – Published: 2022-05-05 00:29 – Updated: 2022-05-05 00:29

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-3619"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-02T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.",
  "id": "GHSA-9x36-hp8r-pf6p",
  "modified": "2022-05-05T00:29:15Z",
  "published": "2022-05-05T00:29:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3619"
    },
    {
      "type": "WEB",
      "url": "https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89044"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/article/CTX216642"
    },
    {
      "type": "WEB",
      "url": "https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf"
    },
    {
      "type": "WEB",
      "url": "http://support.citrix.com/article/CTX216642"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2013-3619

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-3619

Aliases

CVE-2013-3619

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-3619",
    "description": "Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.",
    "id": "GSD-2013-3619"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-3619"
      ],
      "details": "Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.",
      "id": "GSD-2013-3619",
      "modified": "2023-12-13T01:22:22.357469Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2013-3619",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "IPMI",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "before SMT_X9_317 and before SMT X8 312"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Supermicro"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Other"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.citrix.com/article/CTX216642",
            "refsource": "CONFIRM",
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "http://support.citrix.com/article/CTX216642",
            "refsource": "CONFIRM",
            "url": "http://support.citrix.com/article/CTX216642"
          },
          {
            "name": "https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities",
            "refsource": "MISC",
            "url": "https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89044",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89044"
          },
          {
            "name": "https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf",
            "refsource": "CONFIRM",
            "url": "https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:supermicro:smt_x9_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.15",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:supermicro:sh7758:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:supermicro:smt_x8_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.12",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:supermicro:sh7757:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:netscaler_sdx_firmware:10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:citrix:netscaler_sdx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:netscaler_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:citrix:netscaler:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:netscaler_sd-wan_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:citrix:netscaler_sd-wan:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2013-3619"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-798"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89044",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89044"
            },
            {
              "name": "http://support.citrix.com/article/CTX216642",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://support.citrix.com/article/CTX216642"
            },
            {
              "name": "https://support.citrix.com/article/CTX216642",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.citrix.com/article/CTX216642"
            },
            {
              "name": "https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities"
            },
            {
              "name": "https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-01-15T14:08Z",
      "publishedDate": "2020-01-02T18:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-3619 (GCVE-0-2013-3619)

CERTFR-2016-AVI-303

Solution

FKIE_CVE-2013-3619

GHSA-9X36-HP8R-PF6P

GSD-2013-3619

Tags

Sightings

Nomenclature