ID CVE-2020-11484
Summary NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information disclosure.
References
Vulnerable Configurations
  • cpe:2.3:o:intel:bmc_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:intel:bmc_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:intel:bmc_firmware:1.06.06:*:*:*:*:*:*:*
    cpe:2.3:o:intel:bmc_firmware:1.06.06:*:*:*:*:*:*:*
  • cpe:2.3:o:intel:bmc_firmware:2.47:*:*:*:*:*:*:*
    cpe:2.3:o:intel:bmc_firmware:2.47:*:*:*:*:*:*:*
  • cpe:2.3:h:nvidia:dgx-1:-:*:*:*:*:*:*:*
    cpe:2.3:h:nvidia:dgx-1:-:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 21-07-2021 - 11:39)
Impact:
Exploitability:
CWE CWE-922
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
refmap via4
confirm https://nvidia.custhelp.com/app/answers/detail/a_id/5010
Last major update 21-07-2021 - 11:39
Published 29-10-2020 - 04:15
Last modified 21-07-2021 - 11:39
Back to Top