CVE-2023-25508

CWE-22Path Traversal3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 89.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia BMCNvidia Nvidia DGX Servers
Timeline
PublishedApr 22

Description

NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

NVDnvidia/bmc< 3.39.30
CVEListV5nvidia/nvidia_dgx_serversAll BMC versions prior to 3.39.3

🔴Vulnerability Details

2
CVEList
CVE-2023-25508: NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download a2023-04-22
GHSA
GHSA-8rcr-9q62-6h4p: NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download a2023-04-22
CVE-2023-25508 (HIGH CVSS 7.8) | NVIDIA DGX-1 BMC contains a vulnera | cvebase.io