CVE-2013-3619

moderate-risk
Published 2020-01-02

Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.

Do I need to act?

~
9.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10 High
NETWORK / HIGH complexity

Affected Products (5)

Smt X9 Firmware
Smt X8 Firmware
Netscaler Firmware
Netscaler Sd-Wan Firmware

Affected Vendors

Citrix Supermicro

References (10)

Third Party Advisory http://support.citrix.com/article/CTX216642
Third Party Advisory https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipm...
Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/89044
Third Party Advisory https://support.citrix.com/article/CTX216642
Vendor Advisory https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
Third Party Advisory http://support.citrix.com/article/CTX216642
Third Party Advisory https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipm...
Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/89044
Third Party Advisory https://support.citrix.com/article/CTX216642
Vendor Advisory https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
47
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 11/34 · Low
Exposure 12/34 · Low