CVE-2023-31037

7.2HIGH

Key Information

Vendor: NVIDIA
Status: Bluefield 2 DPU BMC, BlueField 3 DPU BMC
Vendor: CVE Published:; 24 January 2024

Summary

NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS.

Affected Version(s)

Bluefield 2 DPU BMC, BlueField 3 DPU BMC = LTS:2.8.2-46, 23.04, 23.07, 23.09

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jan 24, 2024
Vulnerability Reserved.
Apr 22, 2023

Collectors

NVD DatabaseMitre Database