PT-2020-12637 · Nvidia+1 · Nvidia Dgx+1
Denis Kolegov +2 · Published 2020-10-29 · Updated 2020-11-05
CVE-2020-11485
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30
Description
The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware. This vulnerability occurs because the web application does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. As a result, it can lead to information disclosure or code execution.
Recommendations
For NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, update the BMC firmware to version 3.38.30 or later to resolve the issue.
Fix
CSRF
Affected Products
Ami Bmc Firmware
Nvidia Dgx