Lucene search

NvidiaCVELIST:CVE-2023-31015

HistorySep 20, 2023 - 1:12 a.m.

CVE-2023-31015

2023-09-2001:12:02

CWE-287

nvidia

www.cve.org

nvidia dgx h100

bmc

rest service

vulnerability

improper authentication

escalation of privileges

information disclosure

code execution

denial of service

6.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

8.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.3%

JSON

NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, code execution, and denial of service.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "DGX H100 BMC",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to 23.08.07"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5473