Lucene search

NvidiaCVELIST:CVE-2023-31033

HistoryJan 12, 2024 - 6:31 p.m.

CVE-2023-31033 CVE

2024-01-1218:31:39

CWE-306

nvidia

www.cve.org

cve-2023-31033

nvidia dgx a100

authentication

privilege escalation

code execution

denial of service

information disclosure

data tampering

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

38.8%

JSON

NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network . A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "DGX A100",
    "vendor": "nvidia",
    "versions": [
      {
        "status": "affected",
        "version": "All BMC versions prior to 00.22.05"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5510

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

38.8%

JSON

Related for CVELIST:CVE-2023-31033