CVE-2013-3619

HIGH

Supermicro Onboard IPMI Static SSL Certificate Scanner

Title source: metasploit

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3619. PoCs published by hdm, juan, including Metasploit module auxiliary/scanner/http/smt_ipmi_static_cert_scanner.

AI-analyzed exploit summary: This Metasploit module scans for Supermicro Onboard IPMI controllers vulnerable to CVE-2013-3619 by checking if the SSL certificate matches a known static private key. It verifies the certificate against the hardcoded private key to detect vulnerable systems.

Description

Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contains hardcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.

Exploits (1)

metasploit SCANNER
by hdm, juan · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/smt_ipmi_static_cert_scanner.rb

Classification: Scanner 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware version SMT_X9_214
No auth needed
Prerequisites: Network access to the target IPMI controller on port 443
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory x_refsource_confirm
https://support.citrix.com/article/CTX216642
Third Party Advisory x_refsource_confirm
http://support.citrix.com/article/CTX216642
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/89044

Scores

CVSS v3 8.1
EPSS 0.0969
EPSS Percentile 94.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-798
Status published
Products (5)
citrix/netscaler_firmware
citrix/netscaler_sd-wan_firmware
citrix/netscaler_sdx_firmware 10
supermicro/smt_x8_firmware < 3.12
supermicro/smt_x9_firmware < 3.15
Published Jan 02, 2020
Tracked Since Feb 18, 2026