Vulnerability in NVIDIA DGX-1 BMC IPMI Handler Allows Unauthorized File Access
CVE-2023-25508

6.7MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvidia Dgx Servers
Vendor: CVE Published:; 22 April 2023

What is CVE-2023-25508?

The NVIDIA DGX-1 BMC is impacted by a vulnerability in its IPMI handler. This issue allows an attacker with the appropriate authorization to upload and download arbitrary files under specific conditions. Exploiting this vulnerability could potentially lead to denial of service, privilege escalation, information disclosure, and unauthorized data modification. The risk underscores the importance of robust access controls in system management interfaces.

Affected Version(s)

NVIDIA DGX servers All BMC versions prior to 3.39.3

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5458

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2023
Vulnerability Reserved
Feb 7, 2023

Nvidia

What is CVE-2023-25508?

Affected Version(s)

References

CVSS V3.1

Timeline