CVE-2023-31037

7.2HIGH

Key Information

Vendor
NVIDIA
Status
Bluefield 2 DPU BMC, BlueField 3 DPU BMC
Vendor
CVE Published:
24 January 2024

Summary

NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS.

Affected Version(s)

Bluefield 2 DPU BMC, BlueField 3 DPU BMC = LTS:2.8.2-46, 23.04, 23.07, 23.09

Refferences

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.