NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.
References
Link | Resource |
---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5458 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
29 Apr 2023, 03:05
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:h:nvidia:dgx-1:-:*:*:*:*:*:*:* cpe:2.3:o:nvidia:bmc:*:*:*:*:*:*:*:* |
|
References | (MISC) https://nvidia.custhelp.com/app/answers/detail/a_id/5458 - Vendor Advisory | |
CWE | CWE-22 |
22 Apr 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-22 03:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-25508
Mitre link : CVE-2023-25508
CVE.ORG link : CVE-2023-25508
JSON object : View
Products Affected
nvidia
- bmc
- dgx-1
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')