CVE-2023-31015

CWE-287Improper Authentication3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 84.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia DGX H100 FirmwareNvidia DGX H100 BMC
Timeline
PublishedSep 20

Description

NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, code execution, and denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:LExploitability: 1.8 | Impact: 4.7

Affected Packages2 packages

NVDnvidia/dgx_h100_firmware< 23.08.18
CVEListV5nvidia/dgx_h100_bmcAll versions prior to 23.08.07

🔴Vulnerability Details

2
CVEList
CVE-2023-31015: NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue2023-09-20
GHSA
GHSA-p64m-jmgx-fqcq: NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue2023-09-20
CVE-2023-31015 (HIGH CVSS 7.8) | NVIDIA DGX H100 BMC contains a vuln | cvebase.io