13 matches found
CVE-2022-42278
NVIDIA BMC vulnerability CVE-2022-42278 affects the SPX REST API in NVIDIA BMC. An authorized attacker could read/write arbitrary memory within the IPMI server process, potentially enabling code execution, denial of service, information disclosure, or data tampering. Affected system: NVIDIA BMC/S...
CVE-2023-0201
CVE-2023-0201 affects NVIDIA DGX-2 SBIOS and is described as a vulnerability in Bds that allows a user with high privileges to cause a write beyond the bounds of an indexable resource, potentially enabling code execution, denial of service, integrity compromise, or information disclosure. The iss...
CVE-2022-42282
CVE-2022-42282 affects NVIDIA DGX BMC SPX REST API. An authorized attacker can access arbitrary files, potentially causing information disclosure. NVIDIA advisories and the DGX updates identify a remediation path: BMC firmware versions prior to 2.09.00 are addressed by firmware update 2.09.00. Ex...
CVE-2022-42284
CVE-2022-42284 concerns NVIDIA DGX Station A100/A800 BMC: passwords are stored in an obfuscated form in a host-accessible database, potentially leading to credential exposure. The Red Hat/NVD entries and NVIDIA bulletin corroborate that this is a BMC storage credential exposure issue. The NVIDIA ...
CVE-2022-42275
Mode C: Affected product is NVIDIA DGX Station A100/A800 BMC. CVE-2022-42275 concerns the IPMI handler where an unauthenticated host can write to the host SPI flash, bypassing secure boot protections, leading to loss of integrity and potential DoS. Root cause: IPMI/BMC tooling vulnerability allow...
CVE-2022-42283
CVE-2022-42283 affects NVIDIA DGX Station A100 and DGX Station A800 BMCs, where the IPMI handler contains a vulnerability that can cause a buffer overflow. An attacker with the required privileges could trigger denial of service or gain code execution through the BMC IPMI path. The issue is docum...
CVE-2023-25505
CVE-2023-25505 affects NVIDIA DGX-1 BMC, specifically the IPMI handler in the AMI MegaRAC BMC. The issue is a buffer overflow that an attacker with the appropriate authorization level can trigger, potentially causing denial of service, information disclosure, or arbitrary code execution. NVIDIA's...
CVE-2023-25507
The CVE-2023-25507 issue affects NVIDIA DGX-1 BMC SPX REST API. A privileged, authenticated attacker can inject arbitrary shell commands via the REST API, potentially enabling code execution, denial of service, information disclosure, or data tampering. Public sources corroborate affecting DGX-1 ...
CVE-2022-42274
CVE-2022-42274 affects NVIDIA DGX Station A100/A800 BMC firmware (IPMI handler). The Red Hat/NVD/NVIDIA bulletins describe a vulnerability where an attacker with required privileges can trigger a buffer overflow in the BMC IPMI handler, leading to denial of service or potential code execution. Im...
CVE-2022-42287
CVE-2022-42287 relates to NVIDIA BMC IPMI handler vulnerability. An authorized attacker could upload/download arbitrary files under certain conditions, potentially causing denial of service, privilege escalation, information disclosure, and data tampering. Affected products include NVIDIA DGX Sta...
CVE-2022-42280
The CVE-2022-42280 issue affects NVIDIA DGX BMC SPX REST authorization. An unauthorized attacker could exploit a path traversal to escalate privileges on vulnerable BMC firmware. The NVIDIA advisory lists affected products (DGX Station A100/A800), and specifies a firmware update path with BMC Fir...
CVE-2023-25508
NVIDIA DGX-1 BMC IPMI handler vulnerability (CVE-2023-25508) allows an attacker with the appropriate authorization level to upload/download arbitrary files under certain circumstances, potentially causing denial of service, privilege escalation, information disclosure, and data tampering. The iss...
CVE-2023-0200
CVE-2023-0200 affects NVIDIA DGX-2 firmware (OFBD) where a user with high privileges and a pre-conditioned heap can cause an access beyond the end of a buffer, enabling code execution, privilege escalation, denial of service, or information disclosure. The issue is tied to a heap condition in OFB...