CVE-2013-3623

Supermicro Onboard IPMI CGI Vulnerability Scanner

Title source: metasploit

Exploitation Summary

EIP tracks 3 public exploits for CVE-2013-3623. PoCs published by Metasploit, hdm, juan vazquez, including Metasploit module auxiliary/scanner/http/smt_ipmi_cgi_scanner.

AI-analyzed exploit summary: This Metasploit module exploits a buffer overflow in Supermicro Onboard IPMI's close_window.cgi via a maliciously crafted User-Agent header. It achieves RCE by leveraging a ret2system attack to execute arbitrary commands via the system() function in libc.

Description

Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · hardware
https://www.exploit-db.com/exploits/29666

This Metasploit module exploits a buffer overflow in Supermicro Onboard IPMI's close_window.cgi via a maliciously crafted User-Agent header. It achieves RCE by leveraging a ret2system attack to execute arbitrary commands via the system() function in libc.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware SMT_X9_214
No auth needed
Prerequisites: Network access to the vulnerable IPMI web interface
devstral-2 · analyzed Feb 16, 2026

metasploit SCANNER
by hdm, juan vazquez · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/smt_ipmi_cgi_scanner.rb

This Metasploit module scans for vulnerabilities in Supermicro Onboard IPMI controllers, specifically checking for buffer overflows in login.cgi and close_window.cgi components. It does not exploit the vulnerabilities but confirms their presence by sending crafted requests and analyzing responses.

Classification: Scanner 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Supermicro Onboard IPMI controllers
No auth needed
Prerequisites: Network access to the target IPMI interface
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GOOD
by hdm, juan vazquez · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/smt_ipmi_close_window_bof.rb

This Metasploit module exploits a buffer overflow in Supermicro Onboard IPMI's close_window.cgi via a maliciously crafted User-Agent header. It leverages a ret2system technique to execute arbitrary commands, targeting firmware SMT_X9_214.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware SMT_X9_214
No auth needed
Prerequisites: Network access to the vulnerable IPMI interface · Target firmware version SMT_X9_214
devstral-2 · analyzed Feb 16, 2026

References (6)

Core 6
Core References
Vendor Advisory x_refsource_confirm
https://support.citrix.com/article/CTX216642
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/29666
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/63775

Scores

EPSS 0.7193
EPSS Percentile 99.4%

Details

CWE: CWE-119
Status: published
Products (2)
supermicro/intelligent_platform_management_firmware 2.24
supermicro/intelligent_platform_management_firmware < 2.26
Published: Dec 10, 2013
Tracked Since: Feb 18, 2026