CVE-2023-25528
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.
El controlador de administración de placa base (BMC) de NVIDIA DGX H100 contiene una vulnerabilidad en un complemento del servidor web, donde un atacante no autenticado puede causar un Desbordamiento del Búfer al enviar un paquete de red especialmente manipulado. Una explotación exitosa de esta vulnerabilidad puede provocar la ejecución de código arbitrario, denegación de servicio, divulgación de información y manipulación de datos.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-02-07 CVE Reserved
- 2023-09-20 CVE Published
- 2024-09-24 CVE Updated
- 2024-10-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-121: Stack-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5473 | 2023-09-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nvidia Search vendor "Nvidia" | Dgx H100 Firmware Search vendor "Nvidia" for product "Dgx H100 Firmware" | < 23.08.18 Search vendor "Nvidia" for product "Dgx H100 Firmware" and version " < 23.08.18" | bmc |
Affected
| in | Nvidia Search vendor "Nvidia" | Dgx H100 Search vendor "Nvidia" for product "Dgx H100" | - | - |
Safe
|