NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HNvidia Bmc
OSNvidia< 00.19.07Nvidia Dgx A100
HWNvidiawszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoS
Related vulnerabilities
CVE-2023-31030CRITICAL9.3PL ✓ten sam produkt
NVIDIA DGX A100 BMC — stack overflow w demonze KVM umożliwia RCE
CVE-2023-31029CRITICAL9.3PL ✓ten sam produkt
Stack overflow w BMC KVM daemon NVIDIA DGX A100 — RCE bez uwierzytelnienia
CVE-2023-31024CRITICAL9.0PL ✓ten sam produkt
NVIDIA DGX A100 BMC: stack corruption w daemonie KVM umożliwiający RCE
CVE-2023-31032HIGH7.5ten sam produkt
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local a...
CVE-2023-31035HIGH7.5ten sam produkt
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that c...