CVE-2013-3619 — Hard-coded Credentials in SMT X8 Firmware

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

8.1HIGHNVD

EPSS

9.5%

top 7.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Supermicro SMT X8 Firmware Supermicro SMT X9 Firmware Supermicro Ipmi +1 more

Timeline

PublishedJan 2

Latest updateMay 5

Description

Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages4 packages

▶NVDsupermicro/smt_x8_firmware< 3.12

▶NVDsupermicro/smt_x9_firmware< 3.15

▶CVEListV5supermicro/ipmibefore SMT_X9_317 and before SMT X8 312

▶NVDcitrix/netscaler_sdx_firmware10

🔴Vulnerability Details

GHSA

GHSA-9x36-hp8r-pf6p: Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro↗2022-05-05

▶

CVEList

CVE-2013-3619: Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro↗2020-01-02

▶