HIGH🇵🇱 Wersja polska

CVE-2023-31037

CVSS 7.2v3.1pub. 2024-01-24upd. 2024-11-21

NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Nvidia Bluefield 2 Ga

    HW
    Nvidia
    wszystkie wersje
  • Nvidia Bluefield 2 Lts

    HW
    Nvidia
    wszystkie wersje
  • Nvidia Bluefield 3 Ga

    HW
    Nvidia
    wszystkie wersje
  • Nvidia Bluefield Bmc

    APP
    Nvidia
    23.0423.0723.092.8.2-46
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCECommand Injection
CWE
References

Related vulnerabilities

CVE-2023-25519HIGH7.8ten sam produkt

NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restric...

CVE-2026-24207CRITICAL9.8PL ✓ten sam vendor

Authentication Bypass w NVIDIA Triton Inference Server umożliwiający RCE

CVE-2026-24178CRITICAL9.8PL ✓ten sam vendor

NVIDIA NVFlare – authorization bypass przez klucz kontrolowany przez użytkownika

CVE-2025-33222CRITICAL9.8PL ✓ten sam vendor

NVIDIA Isaac Launchable — podatność hard-coded credentials (RCE, DoS)

CVE-2025-33223CRITICAL9.8PL ✓ten sam vendor

NVIDIA Isaac Launchable — wykonanie kodu z nadmiernymi uprawnieniami