VAR-190001-0109
Vulnerability from variot - Updated: 2022-05-17 01:59Supermicro IPMI is an IPMI card in AMD products that can be powered on remotely and enter the BIOS for system control. Supermicro IPMI has two management accounts for WEB interface access: 'ADMIN' 'Anonymous' official file only tells the user to change the 'ADMIN' account password. Specify an empty username by SSH. The default password uses the lowercase 'admin' to bypass the restricted login system. Supermicro is prone to multiple security-bypass vulnerabilities. Successfully exploiting these issues will allow attackers to bypass security restrictions and perform unauthorized actions. The following versions are affected: Supermicro X8SI6-F Supermicro X9SCL-F
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-190001-0109",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "micro computer supermicro x9scl-f",
"scope": null,
"trust": 0.9,
"vendor": "super",
"version": null
},
{
"model": "micro computer supermicro x8scl-f",
"scope": null,
"trust": 0.6,
"vendor": "super",
"version": null
},
{
"model": "micro computer supermicro x8si6-f",
"scope": null,
"trust": 0.3,
"vendor": "super",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-4186"
},
{
"db": "BID",
"id": "50097"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Floris Bos",
"sources": [
{
"db": "BID",
"id": "50097"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-273"
}
],
"trust": 0.9
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Supermicro IPMI is an IPMI card in AMD products that can be powered on remotely and enter the BIOS for system control. Supermicro IPMI has two management accounts for WEB interface access: \u0027ADMIN\u0027 \u0027Anonymous\u0027 official file only tells the user to change the \u0027ADMIN\u0027 account password. Specify an empty username by SSH. The default password uses the lowercase \u0027admin\u0027 to bypass the restricted login system. Supermicro is prone to multiple security-bypass vulnerabilities. \nSuccessfully exploiting these issues will allow attackers to bypass security restrictions and perform unauthorized actions. \nThe following versions are affected:\nSupermicro X8SI6-F\nSupermicro X9SCL-F",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-4186"
},
{
"db": "BID",
"id": "50097"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "50097",
"trust": 1.5
},
{
"db": "PACKETSTORM",
"id": "105730",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-4186",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201110-273",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-4186"
},
{
"db": "BID",
"id": "50097"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-273"
}
]
},
"id": "VAR-190001-0109",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-4186"
}
],
"trust": 1.2125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-4186"
}
]
},
"last_update_date": "2022-05-17T01:59:17.199000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://packetstormsecurity.org/files/view/105730/supermicroipmi-default.txt"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/50097"
},
{
"trust": 0.3,
"url": "http://www.supermicro.com/about/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-4186"
},
{
"db": "BID",
"id": "50097"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-273"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2011-4186"
},
{
"db": "BID",
"id": "50097"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-273"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-4186"
},
{
"date": "2011-10-13T00:00:00",
"db": "BID",
"id": "50097"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201110-273"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-4186"
},
{
"date": "2011-10-13T00:00:00",
"db": "BID",
"id": "50097"
},
{
"date": "2011-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201110-273"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201110-273"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Security Bypass Vulnerabilities in Supermicro IPMI Web Interface",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-4186"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201110-273"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…