Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvidiaNvidiaNVIDIA:5511
HistoryJan 22, 2024 - 12:00 a.m.

Security Bulletin: NVIDIA BlueField 2 and 3 BMC - January 2024

2024-01-2200:00:00
nvidia.custhelp.com
14
nvidia
firmware update
bluefield
bmc
ipmitool vulnerability
security
cve-2023-31037
dpu
code execution
lts

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.001

Percentile

22.8%

JSON

NVIDIA has released a firmware update for NVIDIA BlueField DPU Baseboard Management Controller (BMC).

To protect your system, download and install this firmware update from the NVIDIA DOCA Software Framework page.

Go to NVIDIA Product Security.

Details

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.

CVE ID Description Vector Base Score Severity CWE Impacts
CVE‑2023‑31037 NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS. AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 7.2 High CWE‑94 Code execution

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.

Security Updates

The following table lists the NVIDIA products affected, versions affected, and the updated version that includes this security update.

CVE IDs Addressed Affected Product(s) Platform/OS Affected Version(s) Updated Version
CVE‑2023‑31037 Bluefield 2 DPU BMC, BlueField 3 DPU BMC BMC software LTS:2.8.2-46
23.04
23.07
23.09

LTS: 2.8.2-51

23.10

Acknowledgements

NVIDIA thanks HaoKun Yang for reporting issue CVE‑2023‑31037.

Related

cvelist 1
nvd 1
prion 1
cve 1
cvelist
cvelist
CVE-2023-31037
2024-01-24 02:12:30
nvd
nvd
CVE-2023-31037
2024-01-24 03:15:08
prion
prion
Code injection
2024-01-24 03:15:00
cve
cve
CVE-2023-31037
2024-01-24 03:15:08

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.001

Percentile

22.8%

JSON
Related for NVIDIA:5511
cvelist1nvd1prion1cve1