HIGH🇵🇱 Wersja polska

CVE-2023-25507

CVSS 7.2v3.1pub. 2023-04-22upd. 2024-11-21

NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Nvidia Bmc

    OS
    Nvidia
    < 3.39.30
  • Nvidia Dgx 1

    HW
    Nvidia
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoSCommand Injection
CWE
References

Related vulnerabilities

CVE-2020-11483CRITICAL9.8ten sam produkt

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware vers...

CVE-2020-11486CRITICAL9.8ten sam produkt

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI ...

CVE-2023-0209HIGH8.2ten sam produkt

NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code execute...

CVE-2023-0200HIGH7.5ten sam produkt

NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can...

CVE-2023-25505HIGH7.8ten sam produkt

NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with ...