Vulnerability in NVIDIA DGX-1 BMC IPMI Handler Allows Unauthorized File Access
CVE-2023-25508

6.7MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvidia Dgx Servers
Vendor: CVE Published:; 22 April 2023

Summary

The NVIDIA DGX-1 BMC is impacted by a vulnerability in its IPMI handler. This issue allows an attacker with the appropriate authorization to upload and download arbitrary files under specific conditions. Exploiting this vulnerability could potentially lead to denial of service, privilege escalation, information disclosure, and unauthorized data modification. The risk underscores the importance of robust access controls in system management interfaces.

Affected Version(s)

NVIDIA DGX servers All BMC versions prior to 3.39.3

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5458

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2023
Vulnerability Reserved
Feb 7, 2023