CVE-2023-31010Improper Input Validation in Nvidia DGX H100 Firmware

CWE-20Improper Input Validation3 documents3 sources
Severity
8.8HIGHNVD
CNA6.8
EPSS
0.1%
top 65.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia DGX H100 FirmwareNvidia DGX H100 BMC
Timeline
PublishedSep 20

Description

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, and denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDnvidia/dgx_h100_firmware< 23.08.18
CVEListV5nvidia/dgx_h100_bmcAll versions prior to 23.08.07

🔴Vulnerability Details

2
GHSA
GHSA-c4j5-chm9-2hjc: NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation2023-09-20
CVEList
CVE-2023-31010: NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation2023-09-20
CVE-2023-31010 — Improper Input Validation in Nvidia | cvebase