CVE-2013-3620 — Insufficiently Protected Credentials in SMT X8 Firmware

CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.7%

top 17.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Supermicro SMT X8 Firmware Supermicro SMT X9 Firmware Supermicro Ipmi +1 more

Timeline

PublishedJan 2

Latest updateMay 5

Description

Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDsupermicro/smt_x8_firmware< 3.12

▶NVDsupermicro/smt_x9_firmware< 3.15

▶CVEListV5supermicro/ipmibefore 3.15 (SMT_X9_315) and before SMT X8 312

▶NVDcitrix/netscaler_sdx_firmware10

🔴Vulnerability Details

GHSA

GHSA-f9jf-2mqx-xf55: Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3↗2022-05-05

▶

CVEList

CVE-2013-3620: Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3↗2020-01-02

▶