Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
nvidia

NVIDIA DGX Servers

10 Versions 36 CVEs

Versions

All DGX-1 with BMC firmware versions prior to 3.38.30

OTHER 3 CVEs

All DGX-1 Servers with BMC firmware versions prior to 3.38.30

OTHER 2 CVEs

All BMC versions prior to 3.39.3

OTHER 3 CVEs

All BMC firmware versions prior to 00.19.07

OTHER 15 CVEs

All BMC versions prior to 1.08.00

OTHER 2 CVEs

All SBIOS firmware versions prior to 1.18

OTHER 4 CVEs

All SBIOS versions prior to 1.18

OTHER 2 CVEs

All SBIOS prior to S2W_3A13

OTHER 3 CVEs

All SBIOS versions prior to 0.33

OTHER 1 CVE

All SBIOS firmware versions prior to 10.16

OTHER 1 CVE

Recent CVEs

CVE-2023-25509

NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges.

MEDIUM Apr 22, 2023

CVE-2023-25508

NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.

MEDIUM Apr 22, 2023

CVE-2023-25507

NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering.

HIGH Apr 22, 2023

CVE-2023-25506

NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components.

HIGH Apr 22, 2023

CVE-2023-25505

NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution.

HIGH Apr 22, 2023

CVE-2023-0209

NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass.

HIGH Apr 22, 2023