File Upload Vulnerability in NVIDIA BMC Affected by IPMI Handler
CVE-2022-42287

6MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvidia Dgx Servers
Vendor: CVE Published:; 13 January 2023

Summary

NVIDIA BMC is compromised by a vulnerability in its IPMI handler that permits an authorized attacker to upload and download arbitrary files under specific conditions. This weakness raises significant security concerns, potentially enabling denial of service, privilege escalation, information disclosure, and unauthorized data manipulation. Users of NVIDIA BMC should be aware of the risks associated with improper file handling within the IPMI protocol to safeguard their environments.

Affected Version(s)

NVIDIA DGX servers All BMC firmware versions prior to 00.19.07

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5435

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2023
Vulnerability Reserved
Oct 3, 2022