CVE-2023-31033

NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network . A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.

CVSS v3 8.0 HIGH

8.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5510	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:bmc:*:*:*

cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*

History

19 Jan 2024, 13:16

Type	Values Removed	Values Added
First Time		Nvidia dgx A100 Nvidia Nvidia dgx A100 Firmware
CPE		cpe:2.3:h:nvidia:dgx_a100:-:::::::* cpe:2.3:o:nvidia:dgx_a100_firmware:::::bmc:::*
Summary		(es) NVIDIA DGX A100 BMC contiene una vulnerabilidad en la que un usuario puede causar un problema de autenticación faltante para una función crítica en una red adyacente. Una explotación exitosa de esta vulnerabilidad puede provocar una escalada de privilegios, ejecución de código, denegación de servicio, divulgación de información y manipulación de datos.
References	~~() https://nvidia.custhelp.com/app/answers/detail/a_id/5510 -~~	() https://nvidia.custhelp.com/app/answers/detail/a_id/5510 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~6.8~~	v2 : unknown v3 : 8.0

12 Jan 2024, 19:21

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-12 19:15

Updated : 2024-01-19 13:16

NVD link : CVE-2023-31033

Mitre link : CVE-2023-31033

CVE.ORG link : CVE-2023-31033

JSON object : View

Products Affected

nvidia

dgx_a100
dgx_a100_firmware

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2023-31033", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}, {"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2024-01-12T19:15:10.680", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Secondary", "source": "psirt@nvidia.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network . A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering."}, {"lang": "es", "value": "NVIDIA DGX A100 BMC contiene una vulnerabilidad en la que un usuario puede causar un problema de autenticaci\u00f3n faltante para una funci\u00f3n cr\u00edtica en una red adyacente. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar una escalada de privilegios, ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos."}], "lastModified": "2024-01-19T13:16:06.610", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:bmc:*:*:*", "vulnerable": true, "matchCriteriaId": "866DDFEC-0CB8-4152-B36E-A358497AA4D0", "versionEndExcluding": "00.22.05"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8807CB65-5F49-42E8-B5D8-36943418ADB9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}