Nvidia Dgx H100 Bmc vulnerabilities

15 known vulnerabilities affecting nvidia/dgx_h100_bmc.

Total CVEs
15
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH9

Vulnerabilities

Page 1 of 1
CVE-2023-31009CRITICALCVSS 9.8vAll versions prior to 23.08.072023-09-20
CVE-2023-31009 [HIGH] CWE-20 CVE-2023-31009: NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improp NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.
cvelistv5nvd
CVE-2023-25531CRITICALCVSS 9.8vAll versions prior to 23.08.072023-09-20
CVE-2023-25531 [HIGH] CWE-522 CVE-2023-25531: NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient prote NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and escalation of privileges.
cvelistv5nvd
CVE-2023-25528CRITICALCVSS 9.8vAll versions prior to 23.08.072023-09-20
CVE-2023-25528 [HIGH] CWE-121 CVE-2023-25528: NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugi NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering
cvelistv5nvd
CVE-2023-25534CRITICALCVSS 9.8vAll versions prior to 23.08.072023-09-20
CVE-2023-25534 [MEDIUM] CWE-20 CVE-2023-25534: NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input val NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
cvelistv5nvd
CVE-2023-25533CRITICALCVSS 9.8vAll versions prior to 23.08.072023-09-20
CVE-2023-25533 [HIGH] CWE-20 CVE-2023-25533: NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper inp NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code execution, and escalation of privileges.
cvelistv5nvd
CVE-2023-25530CRITICALCVSS 9.8vAll versions prior to 23.08.072023-09-20
CVE-2023-25530 [HIGH] CWE-20 CVE-2023-25530: NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause imprope NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.
cvelistv5nvd
CVE-2023-31015HIGHCVSS 7.8vAll versions prior to 23.08.072023-09-20
CVE-2023-31015 [MEDIUM] CWE-287 CVE-2023-31015: NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as impr NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, code execution, and denial of service.
cvelistv5nvd
CVE-2023-25529HIGHCVSS 8.1vAll versions prior to 23.08.072023-09-20
CVE-2023-25529 [HIGH] CWE-208 CVE-2023-25529: NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unaut NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.
cvelistv5nvd
CVE-2023-31013HIGHCVSS 8.8vAll versions prior to 23.08.072023-09-20
CVE-2023-31013 [MEDIUM] CWE-20 CVE-2023-31013: NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improp NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.
cvelistv5nvd
CVE-2023-25532HIGHCVSS 7.5vAll versions prior to 23.08.072023-09-20
CVE-2023-25532 [MEDIUM] CWE-522 CVE-2023-25532: NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient prote NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to information disclosure.
cvelistv5nvd
CVE-2023-25527HIGHCVSS 7.8vAll versions prior to 23.08.072023-09-20
CVE-2023-25527 [HIGH] CWE-119 CVE-2023-25527: NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local at NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
cvelistv5nvd
CVE-2023-31010HIGHCVSS 8.8vAll versions prior to 23.08.072023-09-20
CVE-2023-31010 [MEDIUM] CWE-20 CVE-2023-31010: NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input val NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, and denial of service.
cvelistv5nvd
CVE-2023-31008HIGHCVSS 7.8vAll versions prior to 23.08.072023-09-20
CVE-2023-31008 [HIGH] CWE-20 CVE-2023-31008: NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input val NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of services, escalation of privileges, and information disclosure.
cvelistv5nvd
CVE-2023-31011HIGHCVSS 8.8vAll versions prior to 23.08.072023-09-20
CVE-2023-31011 [MEDIUM] CWE-20 CVE-2023-31011: NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause imprope NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.
cvelistv5nvd
CVE-2023-31012HIGHCVSS 8.8vAll versions prior to 23.08.072023-09-20
CVE-2023-31012 [MEDIUM] CWE-20 CVE-2023-31012: NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause imprope NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.
cvelistv5nvd