CVE-2023-25507

CWE-78OS Command Injection3 documents3 sources
Severity
8.8HIGH
EPSS
0.3%
top 46.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia BMCNvidia Nvidia DGX Servers
Timeline
PublishedApr 22

Description

NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDnvidia/bmc< 3.39.30
CVEListV5nvidia/nvidia_dgx_serversAll BMC versions prior to 3.39.3

🔴Vulnerability Details

2
CVEList
CVE-2023-25507: NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shel2023-04-22
GHSA
GHSA-cg7h-97r3-gc3j: NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shel2023-04-22
CVE-2023-25507 (HIGH CVSS 8.8) | NVIDIA DGX-1 BMC contains a vulnera | cvebase.io