CVE-2022-42278

CWE-119Buffer OverflowCWE-20Improper Input Validation5 documents5 sources
Severity
7.8HIGH
EPSS
0.4%
top 37.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia BMCNvidia Nvidia DGX Servers
Timeline
PublishedJan 13

Description

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5nvidia/nvidia_dgx_serversAll BMC firmware versions prior to 00.19.07
NVDnvidia/bmc< 00.19.07

🔴Vulnerability Details

2
GHSA
GHSA-chmh-mcvp-rwfv: NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context2023-01-13
CVEList
CVE-2022-42278: NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context2023-01-13

📋Vendor Advisories

1
CISA
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability2022-04-11
CVE-2022-42278 (HIGH CVSS 7.8) | NVIDIA BMC contains a vulnerability | cvebase.io