Lucene search
K
IntelBmc Firmware

17 matches found

CVE
CVE
added 2021/02/17 1:54 p.m.156 views

CVE-2020-12373

CVE-2020-12373 is an expired pointer dereference in Intel graphics drivers prior to 26.20.100.8141 that could allow a local privileged user to cause a denial of service. Public docs show this CVE fixed by the kernel-firmware update in openSUSE/SUSE advisories (openSUSE-2021-407 / openSUSE-SU-2021...

6.7CVSS6.2AI score0.0026EPSS
CVE
CVE
added 2020/10/29 3:35 a.m.70 views

CVE-2020-11485

CVE-2020-11485 affects NVIDIA DGX systems (notably DGX-1) with AMI BMC firmware versions prior to 3.38.30. The vulnerability is a Cross-Site Request Forgery (CSRF) in the BMC web interface, where the application does not sufficiently verify that a request is intentional, potentially enabling info...

8.8CVSS8.9AI score0.0075EPSS
CVE
CVE
added 2020/10/29 3:35 a.m.68 views

CVE-2020-11487

CVE-2020-11487 affects NVIDIA DGX-1, DGX-2, and DGX A100 servers via AMI BMC firmware with a hard-coded RSA 1024 key and weak ciphers, leading to information disclosure over the BMC. Affected firmware is before 3.38.30 (DGX-1), before 1.06.06 (DGX-2), and before 00.13.16 (DGX A100). NVIDIA provid...

7.5CVSS7.6AI score0.01258EPSS
CVE
CVE
added 2020/10/29 3:35 a.m.67 views

CVE-2020-11488

CVE-2020-11488 affects NVIDIA DGX-1 and DGX-2 systems where the AMI BMC firmware before the stated versions does not validate the RSA-1024 public key used to verify firmware signatures, enabling potential information disclosure or code execution. Public details from NVIDIA/NVD indicate DGX-1 BMC ...

6.7CVSS7.2AI score0.00243EPSS
CVE
CVE
added 2020/10/29 3:35 a.m.66 views

CVE-2020-11616

CVE-2020-11616 affects NVIDIA DGX servers with BMC firmware versions prior to 3.38.30. The vulnerability arises from a weak PRNG in the JSOL IPMI package of the AMI BMC firmware, which could lead to information disclosure. Public documents identify the affected product class but do not provide ex...

7.5CVSS7.6AI score0.01316EPSS
CVE
CVE
added 2021/02/19 3:17 p.m.66 views

CVE-2020-12374

CVE-2020-12374 is a local-privilege-escalation vulnerability affecting Intel® Server Boards, Server Systems and Compute Modules due to a buffer overflow in the BMC firmware before version 2.47. Red Hat and NVD entries describe the issue identically, with impact on confidentiality, integrity, and ...

6.7CVSS6.8AI score0.00252EPSS
CVE
CVE
added 2020/10/29 3:35 a.m.65 views

CVE-2020-11489

NVIDIA DGX servers are affected by CVE-2020-11489 due to a vulnerability in the AMI BMC firmware where default SNMP community strings may lead to information disclosure. Affected systems include DGX-1 with BMC firmware prior to 3.38.30 and DGX-2 with BMC firmware prior to 1.06.06. NVIDIA’s securi...

7.5CVSS7.6AI score0.01316EPSS
CVE
CVE
added 2020/10/29 3:35 a.m.64 views

CVE-2020-11486

CVE-2020-11486 (NVIDIA DGX BMC): A vulnerability in the AMI Baseboard Management Controller (BMC) firmware on DGX-1 (and related DGX models) allows an attacker to upload or transfer files that can be automatically processed within the product’s environment, potentially enabling remote code execut...

9.8CVSS9.7AI score0.02611EPSS
CVE
CVE
added 2020/10/29 3:35 a.m.63 views

CVE-2020-11484

CVE-2020-11484 affects NVIDIA DGX-1 (and DGX-2, DGX A100) with AMI BMC firmware older than 3.38.30. The vulnerability allows an attacker with administrative privileges to obtain the hash of the BMC/IPMI user password, potentially leading to information disclosure. NVIDIA’s security bulletin docum...

4.9CVSS5.7AI score0.01072EPSS
CVE
CVE
added 2020/10/29 3:35 a.m.61 views

CVE-2020-11615

NVIDIA DGX servers with AMI BMC firmware older than 3.38.30 are affected by CVE-2020-11615 due to a hard-coded RC4 cipher key in the AMI BMC firmware, which may lead to information disclosure. The NVIDIA security bulletin lists BMC firmware updates to 3.38.30 (and related DGX models) as the remed...

7.5CVSS7.6AI score0.01247EPSS
CVE
CVE
added 2020/10/29 3:35 a.m.60 views

CVE-2020-11483

NVIDIA DGX-1, DGX-2, and DGX A100 DGX systems are affected by CVE-2020-11483 due to hard-coded credentials in the AMI BMC firmware. The root cause is embedded credentials in the BMC firmware, which may permit elevation of privileges or information disclosure over the network. According to NVIDIA’...

9.8CVSS9AI score0.01364EPSS
CVE
CVE
added 2021/02/17 1:55 p.m.50 views

CVE-2020-12377

CVE-2020-12377 affects Intel® Server Boards, Server Systems and Compute Modules via the BMC firmware up to version 2.47. The issue is insufficient input validation in BMC firmware, which could allow an authenticated local user to escalate privileges. Intel’s advisory (Intel-SA-00434) lists this C...

7.8CVSS7.7AI score0.00264EPSS
CVE
CVE
added 2021/02/17 1:55 p.m.50 views

CVE-2020-12380

CVE-2020-12380 affects Intel BMC firmware on select Server Boards/Systems/Compute Modules. An authenticated local user can exploit an out-of-bounds read in firmware before version 2.47, potentially escalating privileges. Remediation is to apply the Intel firmware updates (2.47 or newer) as descri...

7.8CVSS7.7AI score0.00264EPSS
CVE
CVE
added 2021/02/17 1:56 p.m.49 views

CVE-2020-12375

CVE-2020-12375 : A heap overflow in the BMC firmware of Intel® Server Boards, Server Systems and Compute Modules prior to version 2.47 may allow an authenticated local user to escalate privileges. The issue is documented across multiple sources (NVD entry and Intel advisory Intel-SA-00434) with r...

6.7CVSS6.9AI score0.00267EPSS
CVE
CVE
added 2018/07/10 9:0 p.m.47 views

CVE-2018-3682

CVE-2018-3682 affects Intel server BMC firmware on server boards, compute modules, and server systems. The vulnerability allows an attacker with administrative privileges to perform unauthorized read/write operations on the SMBUS, exposing confidentiality, integrity, and availability impacts. CVS...

8.2CVSS8.1AI score0.00305EPSS
CVE
CVE
added 2018/09/12 7:0 p.m.46 views

CVE-2018-12171

CVE-2018-12171 affects Intel® Baseboard Management Controller (BMC) firmware prior to 1.43.91f76955. The issue enables privilege escalation by an unprivileged user to potentially execute arbitrary code or cause a network-based denial of service. Affected products include multiple Intel server boa...

9.8CVSS9.7AI score0.02136EPSS
CVE
CVE
added 2021/02/17 1:56 p.m.45 views

CVE-2020-12376

CVE-2020-12376 affects Intel® Server Boards, Server Systems and Compute Modules BMC firmware. The issue is use of a hard-coded key in firmware before version 2.47, potentially enabling information disclosure via local access by an authenticated user. Intel’s advisory Intel‑SA‑00434 confirms the v...

5.5CVSS5.2AI score0.00236EPSS