CVE-2023-25529
Severity Score
8.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.
NVIDIA DGX H100 BMC contiene una vulnerabilidad en el daemon KVM del anfitrión, donde un atacante no autenticado puede causar una fuga del token de sesión de otro usuario al observar discrepancias de tiempo entre las respuestas del servidor. Una explotación exitosa de esta vulnerabilidad puede dar lugar a la divulgación de información, la escalada de privilegios y la manipulación de datos.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-02-07 CVE Reserved
- 2023-09-20 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-203: Observable Discrepancy
- CWE-208: Observable Timing Discrepancy
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5510 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5473 | 2024-01-25 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nvidia Search vendor "Nvidia" | Dgx H100 Firmware Search vendor "Nvidia" for product "Dgx H100 Firmware" | < 23.08.18 Search vendor "Nvidia" for product "Dgx H100 Firmware" and version " < 23.08.18" | bmc |
Affected
| in | Nvidia Search vendor "Nvidia" | Dgx H100 Search vendor "Nvidia" for product "Dgx H100" | - | - |
Safe
|