CVE-2023-0209Improper Authentication in Nvidia Sbios

CWE-287Improper Authentication3 documents3 sources
Severity
7.8HIGHNVD
CNA8.2
EPSS
0.0%
top 99.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia SbiosNvidia DGX Servers
Timeline
PublishedApr 22

Description

NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDnvidia/sbios< 52w_3a13
CVEListV5nvidia/nvidia_dgx_serversAll SBIOS prior to S2W_3A13

🔴Vulnerability Details

2
CVEList
CVE-2023-0209: NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to a2023-04-22
GHSA
GHSA-j2cw-x4g9-632w: NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to a2023-04-22
CVE-2023-0209 — Improper Authentication in Nvidia Sbios | cvebase