CVE-2022-42287 — Path Traversal in Nvidia BMC

CWE-22 — Path Traversal CWE-434 — Unrestricted File Upload CWE-269 — Improper Privilege Management5 documents5 sources

Severity

7.8HIGHNVD

CNA6.0CISA7.5

EPSS

0.1%

top 76.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia BMC Nvidia DGX Servers

Timeline

PublishedJan 13

Description

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDnvidia/bmc< 00.19.07

▶CVEListV5nvidia/nvidia_dgx_serversAll BMC firmware versions prior to 00.19.07

🔴Vulnerability Details

CVEList

CVE-2022-42287: NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances,↗2023-01-13

▶

GHSA

GHSA-476q-p4g6-6rx2: NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances,↗2023-01-13

▶

📋Vendor Advisories

CISA

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability↗2022-04-11

▶