PT-2020-7451 · Supermicro · Supermicro X9+1
Published: 2020-01-02 · Updated: 2020-01-15 · CVE-2013-3619
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT X9 317
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X8 generation motherboards before SMT X8 312
Description:
The issue concerns hardcoded private encryption keys in the IPMI firmware for certain Supermicro motherboards. Specifically, the keys are used for the Lighttpd web server SSL interface and the Dropbear SSH daemon.
Recommendations:
For Supermicro X9 generation motherboards before SMT X9 317, update the firmware to SMT X9 317 or later.
For Supermicro X8 generation motherboards before SMT X8 312, update the firmware to SMT X8 312 or later.
As a temporary workaround, consider restricting access to the Lighttpd web server SSL interface and the Dropbear SSH daemon until a patch is available.
Exploit
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Supermicro X8
Supermicro X9