NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.
References
Link | Resource |
---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5458 | Vendor Advisory |
https://nvidia.custhelp.com/app/answers/detail/a_id/5458 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 07:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://nvidia.custhelp.com/app/answers/detail/a_id/5458 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.7 |
29 Apr 2023, 03:05
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:h:nvidia:dgx-1:-:*:*:*:*:*:*:* cpe:2.3:o:nvidia:bmc:*:*:*:*:*:*:*:* |
|
References | (MISC) https://nvidia.custhelp.com/app/answers/detail/a_id/5458 - Vendor Advisory | |
CWE | CWE-22 |
22 Apr 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-22 03:15
Updated : 2024-11-21 07:49
NVD link : CVE-2023-25508
Mitre link : CVE-2023-25508
CVE.ORG link : CVE-2023-25508
JSON object : View
Products Affected
nvidia
- bmc
- dgx-1
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')