Denis Kolegov

#8374of 53,632
32.8Total CVSS
Vulnerabilities · 4
Medium
1
High
2
Critical
1
PT-2020-12637
8.8
2020-10-29
Nvidia · Nvidia Dgx · CVE-2020-11485
**Name of the Vulnerable Software and Affected Versions** NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware. This vulnerability occurs because the web application does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. As a result, it can lead to information disclosure or code execution. **Recommendations** For NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, update the BMC firmware to version 3.38.30 or later to resolve the issue.
PT-2020-12638
9.8
2020-10-29
Ami · Ami Bmc Firmware · CVE-2020-11486
**Name of the Vulnerable Software and Affected Versions** NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 **Description** The issue allows an attacker to upload or transfer files that can be automatically processed within the product's environment, which may lead to remote code execution. This is due to a vulnerability in the AMI BMC firmware. **Recommendations** For NVIDIA DGX-1 servers with BMC firmware versions prior to 3.38.30, update the BMC firmware to version 3.38.30 or later to resolve the issue.
PT-2020-12640
6.7
2020-10-29
Nvidia · Nvidia Dgx-2 · CVE-2020-11488
**Name of the Vulnerable Software and Affected Versions** NVIDIA DGX-1 versions prior to 3.38.30 NVIDIA DGX-2 versions prior to 1.06.06 **Description** The issue is related to the AMI BMC firmware in NVIDIA DGX servers, where the software does not validate the RSA 1024 public key used to verify the firmware signature. This may lead to information disclosure or code execution. **Recommendations** For NVIDIA DGX-1 versions prior to 3.38.30, update the BMC firmware to version 3.38.30 or later. For NVIDIA DGX-2 versions prior to 1.06.06, update the BMC firmware to version 1.06.06 or later.
PT-2020-12729
7.5
2020-10-29
Nvidia · Nvidia Dgx · CVE-2020-11616
**Name of the Vulnerable Software and Affected Versions** NVIDIA DGX servers versions prior to 3.38.30 **Description** The issue is related to a weakness in the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package, which implements the IPMI protocol in the AMI BMC firmware. This weakness may lead to information disclosure because the PRNG algorithm is not cryptographically strong. **Recommendations** For versions prior to 3.38.30, update the BMC firmware to version 3.38.30 or later to resolve the issue. As a temporary workaround, consider restricting access to the IPMI protocol to minimize the risk of exploitation.