CVE-2023-25521

CWE-250 CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 93.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia DGX A100 Firmware Nvidia DGX A800 Firmware Nvidia DGX A100/a800

Timeline

PublishedJul 4

Description

NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages3 packages

▶CVEListV5nvidia/dgx_a100/a800All SBIOS versions prior to 1.21

▶NVDnvidia/dgx_a100_firmware< 1.21

▶NVDnvidia/dgx_a800_firmware< 1.21

🔴Vulnerability Details

GHSA

GHSA-2x8r-wp6q-whxr: NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness wher↗2023-07-04

▶

CVEList

CVE-2023-25521: NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness wher↗2023-07-03

▶