CVE-2013-3619
Vexday Risk Score
18 Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS — · EPSS 9.7% · KEV no · PoC — · Nuclei — · Metasploit yes · Patch —
Lifecycle
06 Nov 2013 Metasploit module available
02 Jan 2020 Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contains hardcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.
Affected products
Supermicro · IPMI
References
https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/89044
https://support.citrix.com/article/CTX216642
http://support.citrix.com/article/CTX216642
https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf