CVE-2020-11488

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead to information disclosure or code execution.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:intel:bmc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:dgx-1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:intel:bmc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:dgx-2:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:57

Type Values Removed Values Added
References () https://nvidia.custhelp.com/app/answers/detail/a_id/5010 - Vendor Advisory () https://nvidia.custhelp.com/app/answers/detail/a_id/5010 - Vendor Advisory

Information

Published : 2020-10-29 04:15

Updated : 2024-11-21 04:57


NVD link : CVE-2020-11488

Mitre link : CVE-2020-11488

CVE.ORG link : CVE-2020-11488


JSON object : View

Products Affected

intel

  • bmc_firmware

nvidia

  • dgx-1
  • dgx-2
CWE
CWE-347

Improper Verification of Cryptographic Signature