The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi.
| Version | Base score | Base severity | Vector |
|---|
| Hyperlink | Resource Type |
|---|
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://www.kb.cert.org/vuls/id/648646 | third-party-advisory x_refsource_CERT-VN |
| http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf | x_refsource_CONFIRM |
| https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf | x_refsource_MISC |
| http://www.securityfocus.com/bid/62097 | vdb-entry x_refsource_BID |
| http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013 | x_refsource_MISC |
| https://support.citrix.com/article/CTX216642 | x_refsource_CONFIRM |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://www.kb.cert.org/vuls/id/648646 | third-party-advisory x_refsource_CERT-VN x_transferred |
| http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf | x_refsource_CONFIRM x_transferred |
| https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf | x_refsource_MISC x_transferred |
| http://www.securityfocus.com/bid/62097 | vdb-entry x_refsource_BID x_transferred |
| http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013 | x_refsource_MISC x_transferred |
| https://support.citrix.com/article/CTX216642 | x_refsource_CONFIRM x_transferred |
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |