CVE-2018-13787
high-risk
Published 2018-07-09
Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware.
Do I need to act?
0.16% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 6.7/10 (Medium): attack vector LOCAL, LOW attack complexity
Affected Products (20)
X11Ssz Firmware
X11Ssv Firmware
X11Ssql Firmware
X11Ssq Firmware
X11Ssn Firmware
X11Srm Firmware
X11Sra Firmware
X11Sba Firmware
X11Sat Firmware
X11Sae M Firmware
X11Sae Firmware
X10Srw Firmware
X10Srm Firmware
X10Srl Firmware
X10Sri Firmware
X10Srh Firmware
X10Srg Firmware
X10Srd Firmware
X10Sra Firmware
X10Sdvt Firmware
Affected Vendors
References (6)
Third Party Advisory: https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-sys...
Third Party Advisory: https://www.bleepingcomputer.com/news/security/firmware-vulnerabilities-disclose...
Third Party Advisory: https://www.supermicro.com/support/security_Intel-SA-00088.cfm?pg=X10#tab
Risk score: 53/100 (high-risk)
Severity: 21/34 · High
Exploitability: 1/34 · Minimal
Exposure: 31/34 · Critical