Unauthorized File Access Vulnerability in NVIDIA BMC SPX REST API
CVE-2022-42282

6.5MEDIUM

Key Information:

Vendor

Nvidia
Status
Nvidia Dgx Servers
Vendor
CVE Published:
13 January 2023

What is CVE-2022-42282?

The NVIDIA BMC SPX REST API is prone to a vulnerability that allows authorized attackers to gain access to arbitrary files. This unauthorized access could potentially lead to sensitive information disclosure, raising significant concerns for security and data integrity. Organizations utilizing this API should ensure they have implemented adequate security measures to mitigate this risk.

Affected Version(s)

NVIDIA DGX servers All BMC firmware versions prior to 00.19.07

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5435

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.