Lucene search

[email protected]CVE-2023-31037

HistoryJan 24, 2024 - 3:15 a.m.

CVE-2023-31037

2024-01-2403:15:08

CWE-94

CWE-78

[email protected]

web.nvd.nist.gov

nvidia

bluefield

dpu

bmc

ipmitool

code injection

vulnerability

exploit

cve-2023-31037

nvd

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS.

Affected configurations

NVD

Node

nvidiabluefield_2_gaMatch-

nvidiabluefield_2_ltsMatch-

nvidiabluefield_3_gaMatch-

AND

nvidiabluefield_bmcMatch2.8.2-46lts

nvidiabluefield_bmcMatch23.04-

nvidiabluefield_bmcMatch23.07-

nvidiabluefield_bmcMatch23.09-

CPENameOperatorVersion
nvidia:bluefield_bmcnvidia bluefield bmceq2.8.2-46
nvidia:bluefield_bmcnvidia bluefield bmceq23.04
nvidia:bluefield_bmcnvidia bluefield bmceq23.07
nvidia:bluefield_bmcnvidia bluefield bmceq23.09

CPE	Name	Operator	Version
nvidia:bluefield_bmc	nvidia bluefield bmc	eq	2.8.2-46
nvidia:bluefield_bmc	nvidia bluefield bmc	eq	23.04
nvidia:bluefield_bmc	nvidia bluefield bmc	eq	23.07
nvidia:bluefield_bmc	nvidia bluefield bmc	eq	23.09

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Bluefield 2 DPU BMC, BlueField 3 DPU BMC",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "LTS:2.8.2-46, 23.04, 23.07, 23.09"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5511

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Related for CVE-2023-31037

cvelist1 nvidia1 prion1 nvd1