HIGH🇵🇱 Wersja polska

CVE-2022-42278

CVSS 7.2v3.1pub. 2023-01-13upd. 2024-11-21

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Nvidia Bmc

    OS
    Nvidia
    < 00.19.07
  • Nvidia Dgx A100

    HW
    Nvidia
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoS
CWE
References

Related vulnerabilities

CVE-2023-31030CRITICAL9.3PL ✓ten sam produkt

NVIDIA DGX A100 BMC — stack overflow w demonze KVM umożliwia RCE

CVE-2023-31029CRITICAL9.3PL ✓ten sam produkt

Stack overflow w BMC KVM daemon NVIDIA DGX A100 — RCE bez uwierzytelnienia

CVE-2023-31024CRITICAL9.0PL ✓ten sam produkt

NVIDIA DGX A100 BMC: stack corruption w daemonie KVM umożliwiający RCE

CVE-2023-31032HIGH7.5ten sam produkt

NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local a...

CVE-2023-31035HIGH7.5ten sam produkt

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that c...