CVE-2023-31025

NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5510	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:bmc:*:*:*

cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*

History

18 Jan 2024, 20:48

Type	Values Removed	Values Added
CPE		cpe:2.3:h:nvidia:dgx_a100:-:::::::* cpe:2.3:o:nvidia:dgx_a100_firmware:::::bmc:::*
CWE		CWE-74
CVSS	v2 : ~~unknown~~ v3 : ~~6.5~~	v2 : unknown v3 : 7.5
References	~~() https://nvidia.custhelp.com/app/answers/detail/a_id/5510 -~~	() https://nvidia.custhelp.com/app/answers/detail/a_id/5510 - Vendor Advisory
Summary		(es) NVIDIA DGX A100 BMC contiene una vulnerabilidad en la que un atacante puede provocar una inyección de usuario LDAP. Una explotación exitosa de esta vulnerabilidad puede conducir a la divulgación de información.
First Time		Nvidia dgx A100 Nvidia Nvidia dgx A100 Firmware

12 Jan 2024, 19:21

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-12 19:15

Updated : 2024-01-18 20:48

NVD link : CVE-2023-31025

Mitre link : CVE-2023-31025

CVE.ORG link : CVE-2023-31025

JSON object : View

Products Affected

nvidia

dgx_a100
dgx_a100_firmware

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-90

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

{"id": "CVE-2023-31025", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-01-12T19:15:09.627", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-74"}]}, {"type": "Secondary", "source": "psirt@nvidia.com", "description": [{"lang": "en", "value": "CWE-90"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure."}, {"lang": "es", "value": "NVIDIA DGX A100 BMC contiene una vulnerabilidad en la que un atacante puede provocar una inyecci\u00f3n de usuario LDAP. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede conducir a la divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2024-01-18T20:48:14.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:bmc:*:*:*", "vulnerable": true, "matchCriteriaId": "866DDFEC-0CB8-4152-B36E-A358497AA4D0", "versionEndExcluding": "00.22.05"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8807CB65-5F49-42E8-B5D8-36943418ADB9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}