CVE-2020-11486

Published: Oct 29, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the product's environment, which may lead to remote code execution.

Affected (1)

Products: Intel: Bmc Firmware

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Bmc Firmware	Before 3.38.30

Running on/with	Platform Versions
Nvidia Dgx 1	All versions

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://nvidia.custhelp.com/app/answers/detail/a_id/5010

Source: psirt@nvidia.com

Vendor Advisory

https://nvidia.custhelp.com/app/answers/detail/a_id/5010

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.