PT-2020-12640 · Nvidia · Nvidia Dgx-2+1

Denis Kolegov

Published

2020-10-29

Updated

2020-11-05

CVE-2020-11488

CVSS v3.1

6.7

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NVIDIA DGX-1 versions prior to 3.38.30 NVIDIA DGX-2 versions prior to 1.06.06

Description The issue is related to the AMI BMC firmware in NVIDIA DGX servers, where the software does not validate the RSA 1024 public key used to verify the firmware signature. This may lead to information disclosure or code execution.

Recommendations For NVIDIA DGX-1 versions prior to 3.38.30, update the BMC firmware to version 3.38.30 or later. For NVIDIA DGX-2 versions prior to 1.06.06, update the BMC firmware to version 1.06.06 or later.

Fix

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347

Related Identifiers

CVE-2020-11488

Affected Products

Nvidia Dgx-1

Nvidia Dgx-2

PT-2020-12640 · Nvidia · Nvidia Dgx-2+1

CVE-2020-11488

Weakness Enumeration

Related Identifiers

Affected Products

References · 5