Details of VAR-201807-0788

ID

VAR-201807-0788

CVE

CVE-2018-13787

TITLE

plural Supermicro Access control vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-007980

DESCRIPTION

Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware. plural Supermicro The product contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Supermicro X11S and so on are different series of computer motherboards from Supermicro Computer in the United States. A security vulnerability exists in several Supermicro products. The vulnerability originates from a program with a misconfigured Descriptor Region. An attacker could exploit this vulnerability with the help of an operating system program to modify the firmware

Trust: 1.71

sources: NVD: CVE-2018-13787 // JVNDB: JVNDB-2018-007980 // VULHUB: VHN-123881

AFFECTED PRODUCTS

vendor:	supermicro	model:	x10qrh	scope:	eq	version:	-	Trust: 1.6
vendor:	supermicro	model:	x10dsc	scope:	eq	version:	-	Trust: 1.6
vendor:	supermicro	model:	x10sba	scope:	eq	version:	-	Trust: 1.6
vendor:	supermicro	model:	x11sat	scope:	eq	version:	-	Trust: 1.6
vendor:	supermicro	model:	x10sde	scope:	eq	version:	-	Trust: 1.6
vendor:	supermicro	model:	x11sba	scope:	eq	version:	-	Trust: 1.6
vendor:	supermicro	model:	x10dscp	scope:	eq	version:	-	Trust: 1.6
vendor:	supermicro	model:	x10sddf	scope:	eq	version:	-	Trust: 1.6
vendor:	supermicro	model:	x10dsn	scope:	eq	version:	-	Trust: 1.6
vendor:	supermicro	model:	x10drx	scope:	eq	version:	-	Trust: 1.6
vendor:	supermicro	model:	x10srw	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	c7z370l	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drd	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	c7z270l	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	c7z170	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	b10dri	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x9drffp	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	a2san	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	c7z270p	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x11srm	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drtl	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drwn	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drln	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	c7z170oce	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10srg	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drul	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	b1dri	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drgh	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drtb	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	a1srm	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	a1sai1	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	c9x299	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	a1sai	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drt	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10sra	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	c7q270	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drfg	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10ddwn	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	a1sam	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drux	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	c7z97mf	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x11ssql	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10dri1	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x11ssz	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10srl	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	b10drg	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drh4	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10dru	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10dal	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x9sae	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x8sie	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drff	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x8sit	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10dai	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drts	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	a2sav	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10srh	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	c7x99oc	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10srm	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drg	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x11sae	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drth	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drl	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10ddw4	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10dax	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x9drgqf	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drtps	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	c7z270c	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10dali	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x8sia	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x9drf	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10dgo	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x9dbl	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x8siu	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10sdvf	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x9drth	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x11ssv	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	a2sap	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	b10drt	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x8sil	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10ddw3	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	c7z370i	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	c7h270	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	b1sd2tf	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x11ssq	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	c7z270cg	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	c7z170o	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10ddwi	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10sdvt	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	a1sa	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drlc	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	b1sa4	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x11sae m	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x11sra	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drgo	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	c7z97oc	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	c7z87oc	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10srd	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	c7b250	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drdl	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	k1spes	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drw	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	k1spi	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	c7z270m	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x11ssn	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drs	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drc	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10sri	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drh	scope:	eq	version:	-	Trust: 1.0
vendor:	supermicro	model:	x10drfr	scope:	eq	version:	-	Trust: 1.0
vendor:	super micro computer	model:	a1srm	scope:	-	version:	-	Trust: 0.8
vendor:	super micro computer	model:	a2sav	scope:	-	version:	-	Trust: 0.8
vendor:	super micro computer	model:	b1sd2tf	scope:	-	version:	-	Trust: 0.8
vendor:	super micro computer	model:	c7z97oc	scope:	-	version:	-	Trust: 0.8
vendor:	super micro computer	model:	c9x299	scope:	-	version:	-	Trust: 0.8
vendor:	super micro computer	model:	k1spi	scope:	-	version:	-	Trust: 0.8
vendor:	super micro computer	model:	x10swr	scope:	-	version:	-	Trust: 0.8
vendor:	super micro computer	model:	x11ssz	scope:	-	version:	-	Trust: 0.8
vendor:	super micro computer	model:	x8siu	scope:	-	version:	-	Trust: 0.8
vendor:	super micro computer	model:	x9sae	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2018-007980 // CNNVD: CNNVD-201807-488 // NVD: CVE-2018-13787

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-13787
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-13787
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201807-488
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-123881
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-13787
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-123881
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-13787
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-123881 // JVNDB: JVNDB-2018-007980 // CNNVD: CNNVD-201807-488 // NVD: CVE-2018-13787

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-123881 // JVNDB: JVNDB-2018-007980 // NVD: CVE-2018-13787

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201807-488

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201807-488

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-007980

PATCH

title:	X10 Gen. Listing	url:	https://www.supermicro.com/support/security_Intel-SA-00088.cfm?pg=X10#tab	Trust: 0.8
title:	Multiple Supermicro Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84006	Trust: 0.6

sources: JVNDB: JVNDB-2018-007980 // CNNVD: CNNVD-201807-488

EXTERNAL IDS

db:	NVD	id:	CVE-2018-13787	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-007980	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-488	Trust: 0.7
db:	VULHUB	id:	VHN-123881	Trust: 0.1

sources: VULHUB: VHN-123881 // JVNDB: JVNDB-2018-007980 // CNNVD: CNNVD-201807-488 // NVD: CVE-2018-13787

REFERENCES

url:	https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/	Trust: 2.5
url:	https://www.bleepingcomputer.com/news/security/firmware-vulnerabilities-disclosed-in-supermicro-server-products/	Trust: 1.7
url:	https://www.supermicro.com/support/security_intel-sa-00088.cfm?pg=x10#tab	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13787	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13787	Trust: 0.8
url:	https://www.ibm.com/support/docview.wss?uid=ibm10869134	Trust: 0.6

sources: VULHUB: VHN-123881 // JVNDB: JVNDB-2018-007980 // CNNVD: CNNVD-201807-488 // NVD: CVE-2018-13787

SOURCES

db:	VULHUB	id:	VHN-123881
db:	JVNDB	id:	JVNDB-2018-007980
db:	CNNVD	id:	CNNVD-201807-488
db:	NVD	id:	CVE-2018-13787

LAST UPDATE DATE

2024-11-23T23:05:04.236000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-123881	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-007980	date:	2018-10-04T00:00:00
db:	CNNVD	id:	CNNVD-201807-488	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-13787	date:	2024-11-21T03:47:59.033

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-123881	date:	2018-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-007980	date:	2018-10-04T00:00:00
db:	CNNVD	id:	CNNVD-201807-488	date:	2018-07-09T00:00:00
db:	NVD	id:	CVE-2018-13787	date:	2018-07-09T18:29:00.560