CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25507
https://notcve.org/view.php?id=CVE-2023-25507
NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5458 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25506
https://notcve.org/view.php?id=CVE-2023-25506
NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components. • https://nvidia.custhelp.com/app/answers/detail/a_id/5458 • CWE-787: Out-of-bounds Write CWE-788: Access of Memory Location After End of Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25505
https://notcve.org/view.php?id=CVE-2023-25505
NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution. • https://nvidia.custhelp.com/app/answers/detail/a_id/5458 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0209
https://notcve.org/view.php?id=CVE-2023-0209
NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass. • https://nvidia.custhelp.com/app/answers/detail/a_id/5458 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0207
https://notcve.org/view.php?id=CVE-2023-0207
NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5449 • CWE-732: Incorrect Permission Assignment for Critical Resource •