VYPR

DGX servers

by Nvidia

CVEs (40)

  • CVE-2020-11486CriOct 29, 2020
    risk 0.64cvss 9.8epss 0.03

    NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the product's environment, which may lead to…

  • CVE-2020-11483CriOct 29, 2020
    risk 0.64cvss 9.8epss 0.01

    NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges…

  • CVE-2020-11485HigOct 29, 2020
    risk 0.57cvss 8.8epss 0.01

    NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware in which the web application does not sufficiently verify whether a well-formed, valid, consistent request was…

  • CVE-2022-42271HigJan 11, 2023
    risk 0.55cvss 8.4epss 0.00

    NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution

  • CVE-2023-0209HigApr 22, 2023
    risk 0.53cvss 8.2epss 0.00

    NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure…

  • CVE-2022-42273HigJan 12, 2023
    risk 0.53cvss 8.1epss 0.01

    NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

  • CVE-2022-42272HigJan 12, 2023
    risk 0.53cvss 8.1epss 0.01

    NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow, which may lead to code execution, denial of service or escalation of privileges.

  • CVE-2023-25505HigApr 22, 2023
    risk 0.51cvss 7.8epss 0.00

    NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution.

  • CVE-2022-42274HigJan 13, 2023
    risk 0.51cvss 7.8epss 0.00

    NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

  • CVE-2022-42275HigJan 13, 2023
    risk 0.50cvss 7.7epss 0.00

    NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service.

  • CVE-2023-25506HigApr 22, 2023
    risk 0.49cvss 7.5epss 0.00

    NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information…

  • CVE-2023-0207HigApr 22, 2023
    risk 0.49cvss 7.5epss 0.00

    NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service.

  • CVE-2023-0206HigApr 22, 2023
    risk 0.49cvss 7.5epss 0.00

    NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.

  • CVE-2023-0202HigApr 22, 2023
    risk 0.49cvss 7.5epss 0.00

    NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information…

  • CVE-2023-0200HigApr 22, 2023
    risk 0.49cvss 7.5epss 0.00

    NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.

  • CVE-2022-42277HigJan 13, 2023
    risk 0.49cvss 7.5epss 0.00

    NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can…

  • CVE-2022-42276HigJan 13, 2023
    risk 0.49cvss 7.5epss 0.00

    NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can…

  • CVE-2020-11616HigOct 29, 2020
    risk 0.49cvss 7.5epss 0.01

    NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead…

  • CVE-2020-11615HigOct 29, 2020
    risk 0.49cvss 7.5epss 0.01

    NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure.

  • CVE-2020-11489HigOct 29, 2020
    risk 0.49cvss 7.5epss 0.01

    NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default SNMP community strings are used, which may lead to information disclosure.

Page 1 of 2