Lucene search

K

NVIDIA DGX Servers Security Vulnerabilities

cve
cve

CVE-2023-25507

NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data...

8.8CVSS

8.6AI Score

0.001EPSS

2023-04-22 03:15 AM
28
cve
cve

CVE-2023-25506

NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of...

8.2CVSS

8.2AI Score

0.001EPSS

2023-04-22 03:15 AM
24
cve
cve

CVE-2023-25509

NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of...

7.8CVSS

8AI Score

0.0004EPSS

2023-04-22 03:15 AM
24
cve
cve

CVE-2023-25505

NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code...

7.8CVSS

8.2AI Score

0.0004EPSS

2023-04-22 03:15 AM
23
cve
cve

CVE-2023-25508

NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data...

7.8CVSS

8AI Score

0.0005EPSS

2023-04-22 03:15 AM
25
cve
cve

CVE-2023-0209

NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware...

8.2CVSS

8.3AI Score

0.0004EPSS

2023-04-22 03:15 AM
25
cve
cve

CVE-2023-0202

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information...

7.8CVSS

7.6AI Score

0.0004EPSS

2023-04-22 03:15 AM
16
cve
cve

CVE-2023-0207

NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of...

7.5CVSS

4.6AI Score

0.0004EPSS

2023-04-22 03:15 AM
19
cve
cve

CVE-2023-0200

NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information...

7.5CVSS

7.2AI Score

0.001EPSS

2023-04-22 03:15 AM
25
cve
cve

CVE-2023-0206

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information...

7.8CVSS

7.6AI Score

0.0004EPSS

2023-04-22 03:15 AM
21
cve
cve

CVE-2023-0201

NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code execution, denial of service, compromised integrity, and information...

6.7CVSS

7AI Score

0.0004EPSS

2023-04-22 03:15 AM
31
cve
cve

CVE-2022-42287

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data...

7.8CVSS

7.6AI Score

0.0005EPSS

2023-01-13 04:15 AM
27
cve
cve

CVE-2022-42286

DGX A100 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, or escalation of...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-01-13 04:15 AM
26
cve
cve

CVE-2022-42288

NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information...

5.3CVSS

4.9AI Score

0.001EPSS

2023-01-13 04:15 AM
28
cve
cve

CVE-2022-42290

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data...

8.8CVSS

8.4AI Score

0.001EPSS

2023-01-13 04:15 AM
33
cve
cve

CVE-2022-42289

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data...

8.8CVSS

8.4AI Score

0.001EPSS

2023-01-13 04:15 AM
32
cve
cve

CVE-2022-42279

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data...

8.8CVSS

8.7AI Score

0.001EPSS

2023-01-13 02:15 AM
26
cve
cve

CVE-2022-42281

NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information...

6.7CVSS

6.3AI Score

0.0004EPSS

2023-01-13 02:15 AM
24
cve
cve

CVE-2022-42280

NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication...

7.8CVSS

7.5AI Score

0.0004EPSS

2023-01-13 02:15 AM
26
cve
cve

CVE-2022-42282

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information...

6.5CVSS

5.2AI Score

0.0005EPSS

2023-01-13 02:15 AM
27
cve
cve

CVE-2022-42283

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code...

7.8CVSS

8AI Score

0.0004EPSS

2023-01-13 02:15 AM
27
cve
cve

CVE-2022-42278

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data...

7.8CVSS

7.5AI Score

0.0004EPSS

2023-01-13 02:15 AM
25
cve
cve

CVE-2022-42284

NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials...

6.2CVSS

5.4AI Score

0.0004EPSS

2023-01-13 02:15 AM
24
cve
cve

CVE-2022-42285

DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data...

7.8CVSS

7.6AI Score

0.0004EPSS

2023-01-13 02:15 AM
24
cve
cve

CVE-2022-42276

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other...

8.2CVSS

8AI Score

0.001EPSS

2023-01-13 02:15 AM
22
cve
cve

CVE-2022-42277

NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other...

8.2CVSS

8AI Score

0.001EPSS

2023-01-13 02:15 AM
28
cve
cve

CVE-2022-42275

NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of...

7.7CVSS

6.9AI Score

0.0004EPSS

2023-01-13 01:15 AM
28
cve
cve

CVE-2022-42274

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code...

7.8CVSS

8AI Score

0.0004EPSS

2023-01-13 01:15 AM
26
cve
cve

CVE-2022-42273

NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code...

8.8CVSS

9AI Score

0.001EPSS

2023-01-12 11:15 PM
24
cve
cve

CVE-2022-42272

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow, which may lead to code execution, denial of service or escalation of...

8.8CVSS

8.8AI Score

0.001EPSS

2023-01-12 11:15 PM
24
cve
cve

CVE-2022-42271

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code...

8.4CVSS

8AI Score

0.0004EPSS

2023-01-11 06:15 AM
22
cve
cve

CVE-2020-11616

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information...

7.5CVSS

7.6AI Score

0.002EPSS

2020-10-29 04:15 AM
32
cve
cve

CVE-2020-11489

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default SNMP community strings are used, which may lead to information...

7.5CVSS

7.6AI Score

0.002EPSS

2020-10-29 04:15 AM
34
cve
cve

CVE-2020-11484

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information...

4.9CVSS

5.7AI Score

0.001EPSS

2020-10-29 04:15 AM
31
cve
cve

CVE-2020-11485

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware in which the web application does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the....

8.8CVSS

8.9AI Score

0.001EPSS

2020-10-29 04:15 AM
31
cve
cve

CVE-2020-11488

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead to....

6.7CVSS

7.2AI Score

0.0004EPSS

2020-10-29 04:15 AM
31
cve
cve

CVE-2020-11487

NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. DGX-2 with BMC firmware versions prior to 1.06.06 and all DGX A100 Servers with all BMC firmware versions, contains a vulnerability in the AMI BMC firmware in which the use of a hard-coded RSA 1024 key with weak ciphers may...

7.5CVSS

7.6AI Score

0.002EPSS

2020-10-29 04:15 AM
33
cve
cve

CVE-2020-11486

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the product's environment, which may lead to remote code...

9.8CVSS

9.7AI Score

0.009EPSS

2020-10-29 04:15 AM
33
cve
cve

CVE-2020-11615

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information...

7.5CVSS

7.6AI Score

0.002EPSS

2020-10-29 04:15 AM
30
cve
cve

CVE-2020-11483

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges or information...

9.8CVSS

9AI Score

0.002EPSS

2020-10-29 04:15 AM
30