PT-2013-4512 · Supermicro · X9DR* +14

Published: 2013-09-08 · Updated: 2020-01-02 · CVE-2013-3607

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Affected versions are not specified for any of the following Supermicro product lines:
Supermicro H8DC*
Supermicro H8DG*
Supermicro H8SCM-F
Supermicro H8SM*
Supermicro X7SP*
Supermicro X8DT*
Supermicro X8SI*
Supermicro X9DAX-*
Supermicro X9DB*
Supermicro X9DR*
Supermicro X9QR*
Supermicro X9SBAA-F
Supermicro X9SC*
Supermicro X9SPU-F
Supermicro X9SR*
Description

The web interface of the Intelligent Platform Management Interface (IPMI) implementation contains multiple stack-based buffer overflows. A remote attacker can exploit them to execute arbitrary code on the Baseboard Management Controller (BMC). The vulnerability can be demonstrated through the username or password field of the "login.cgi" endpoint.
Recommendations

For Supermicro H8DC*, consider disabling the web interface until a patch is available. For Supermicro H8DG*, restrict access to the "login.cgi" endpoint to minimize the risk of exploitation. For Supermicro H8SCM-F, avoid using the username and password fields of the "login.cgi" endpoint until the issue is resolved. For Supermicro H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR*, there is currently no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Related Identifiers

CVE-2013-3607

Affected Products

H8DC*
H8DG*
H8SCM-F
H8SM*
X7SP*
X8DT*
X8SI*
X9DAX-*
X9DB*
X9DR*
X9QR*
X9SBAA-F
X9SC*
X9SPU-F
X9SR*