What is CVE-2013-3623?

CVE-2013-3623 is a vulnerability in Supermicro Intelligent_platform_management_firmware, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2013-12-10.

Is CVE-2013-3623 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Supermicro Intelligent_platform_management_firmware

CVE-2013-3623

Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attacke…

Vulnerability class: Buffer Overflow

EPSS: 0.864 (99.4th percentile) — read the EPSS interpretation.

Affected products

Supermicro Intelligent_platform_management_firmware — versions 2.24
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

29666 (Exploit, exploit, x_refsource_EXPLOIT-DB)
cret@cert.org (x_refsource_CONFIRM, Vendor Advisory)
cret@cert.org (Exploit, x_refsource_MISC)
cret@cert.org (x_refsource_MISC)
cret@cert.org (x_refsource_CONFIRM)
63775 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2013-3623?: CVE-2013-3623 is a vulnerability in Supermicro Intelligent_platform_management_firmware, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2013-12-10.
Is CVE-2013-3623 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.