IPMI Handler Vulnerability in NVIDIA BMC
CVE-2022-42288

5.3MEDIUM

Key Information:

Vendor
Nvidia
Vendor
CVE Published:
13 January 2023

Summary

A vulnerability exists in the IPMI handler of NVIDIA BMC that allows unauthorized attackers to exploit certain oracles to deduce a valid BMC username, potentially leading to sensitive information being disclosed. This security flaw raises significant concerns regarding the integrity of systems utilizing NVIDIA BMC, underscoring the need for timely updates and mitigations.

Affected Version(s)

NVIDIA DGX servers All BMC firmware versions prior to 00.19.07

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.