CVE-2013-3620

moderate-risk
Published 2020-01-02

Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312.

Do I need to act?

~
1.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (5)

Smt X9 Firmware
Smt X8 Firmware
Netscaler Firmware
Netscaler Sd-Wan Firmware

Affected Vendors

Citrix Supermicro

References (10)

Third Party Advisory http://support.citrix.com/article/CTX216642
Third Party Advisory https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipm...
Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/89045
Third Party Advisory https://support.citrix.com/article/CTX216642
Vendor Advisory https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
Third Party Advisory http://support.citrix.com/article/CTX216642
Third Party Advisory https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipm...
Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/89045
Third Party Advisory https://support.citrix.com/article/CTX216642
Vendor Advisory https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf
42
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 4/34 · Minimal
Exposure 12/34 · Low