CVE-2022-42290

CWE-78OS Command Injection3 documents3 sources
Severity
8.8HIGH
EPSS
1.0%
top 23.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia DGX A100 FirmwareNvidia Nvidia DGX Servers
Timeline
PublishedJan 13

Description

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDnvidia/dgx_a100_firmware< 00.19.07
CVEListV5nvidia/nvidia_dgx_serversAll BMC firmware versions prior to 00.19.07

🔴Vulnerability Details

2
GHSA
GHSA-4m5q-mv47-pcjx: NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code executio2023-01-13
CVEList
CVE-2022-42290: NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code executio2023-01-13
CVE-2022-42290 (HIGH CVSS 8.8) | NVIDIA BMC contains a vulnerability | cvebase.io