CVE-2022-42289

CWE-78 — OS Command Injection3 documents3 sources

Severity

8.8HIGH

EPSS

0.8%

top 26.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia DGX A100 Firmware Nvidia Nvidia DGX Servers

Timeline

PublishedJan 13

Description

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDnvidia/dgx_a100_firmware< 00.19.07

▶CVEListV5nvidia/nvidia_dgx_serversAll BMC firmware versions prior to 00.19.07

🔴Vulnerability Details

CVEList

CVE-2022-42289: NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code executio↗2023-01-13

▶

GHSA

GHSA-5xr5-hfmf-pr6p: NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code executio↗2023-01-13

▶