Details of VAR-190001-0109

ID

VAR-190001-0109

TITLE

Multiple Security Bypass Vulnerabilities in Supermicro IPMI Web Interface

Trust: 0.6

sources: CNVD: CNVD-2011-4186

DESCRIPTION

Supermicro IPMI is an IPMI card in AMD products that can be powered on remotely and enter the BIOS for system control. Supermicro IPMI has two management accounts for WEB interface access: 'ADMIN' 'Anonymous' official file only tells the user to change the 'ADMIN' account password. Specify an empty username by SSH. The default password uses the lowercase 'admin' to bypass the restricted login system. Supermicro is prone to multiple security-bypass vulnerabilities. Successfully exploiting these issues will allow attackers to bypass security restrictions and perform unauthorized actions. The following versions are affected: Supermicro X8SI6-F Supermicro X9SCL-F

Trust: 0.81

sources: CNVD: CNVD-2011-4186 // BID: 50097

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2011-4186

AFFECTED PRODUCTS

vendor:	super	model:	micro computer supermicro x9scl-f	scope:	-	version:	-	Trust: 0.9
vendor:	super	model:	micro computer supermicro x8scl-f	scope:	-	version:	-	Trust: 0.6
vendor:	super	model:	micro computer supermicro x8si6-f	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2011-4186 // BID: 50097

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201110-273

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201110-273

EXTERNAL IDS

db:	BID	id:	50097	Trust: 1.5
db:	PACKETSTORM	id:	105730	Trust: 0.6
db:	CNVD	id:	CNVD-2011-4186	Trust: 0.6
db:	CNNVD	id:	CNNVD-201110-273	Trust: 0.6

sources: CNVD: CNVD-2011-4186 // BID: 50097 // CNNVD: CNNVD-201110-273

REFERENCES

url:	http://packetstormsecurity.org/files/view/105730/supermicroipmi-default.txt	Trust: 0.6
url:	http://www.securityfocus.com/bid/50097	Trust: 0.6
url:	http://www.supermicro.com/about/	Trust: 0.3

sources: CNVD: CNVD-2011-4186 // BID: 50097 // CNNVD: CNNVD-201110-273

CREDITS

Floris Bos

Trust: 0.9

sources: BID: 50097 // CNNVD: CNNVD-201110-273

SOURCES

db:	CNVD	id:	CNVD-2011-4186
db:	BID	id:	50097
db:	CNNVD	id:	CNNVD-201110-273

LAST UPDATE DATE

2022-05-17T01:59:17.199000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-4186	date:	2011-10-14T00:00:00
db:	BID	id:	50097	date:	2011-10-13T00:00:00
db:	CNNVD	id:	CNNVD-201110-273	date:	2011-10-18T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2011-4186	date:	2011-10-14T00:00:00
db:	BID	id:	50097	date:	2011-10-13T00:00:00
db:	CNNVD	id:	CNNVD-201110-273	date:	1900-01-01T00:00:00