CVE-2023-31033

NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network . A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5510	Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5510	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:bmc:*:*:*

cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:01

Type	Values Removed	Values Added
References	~~() https://nvidia.custhelp.com/app/answers/detail/a_id/5510 - Vendor Advisory~~	() https://nvidia.custhelp.com/app/answers/detail/a_id/5510 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~8.0~~	v2 : unknown v3 : 6.8

19 Jan 2024, 13:16

Type	Values Removed	Values Added
First Time		Nvidia dgx A100 Firmware Nvidia dgx A100 Nvidia
CPE		cpe:2.3:h:nvidia:dgx_a100:-:::::::* cpe:2.3:o:nvidia:dgx_a100_firmware:::::bmc:::*
CWE		CWE-306
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.0
References	~~() https://nvidia.custhelp.com/app/answers/detail/a_id/5510 -~~	() https://nvidia.custhelp.com/app/answers/detail/a_id/5510 - Vendor Advisory

12 Jan 2024, 19:21

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-12 19:15

Updated : 2024-11-21 08:01

NVD link : CVE-2023-31033

Mitre link : CVE-2023-31033

CVE.ORG link : CVE-2023-31033

JSON object : View

Products Affected

nvidia

dgx_a100
dgx_a100_firmware

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2023-31033", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2024-01-12T19:15:10.680", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@nvidia.com", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network . A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering."}, {"lang": "es", "value": "NVIDIA DGX A100 BMC contiene una vulnerabilidad en la que un usuario puede causar un problema de autenticaci\u00f3n faltante para una funci\u00f3n cr\u00edtica en una red adyacente. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar una escalada de privilegios, ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos."}], "lastModified": "2024-11-21T08:01:17.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:bmc:*:*:*", "vulnerable": true, "matchCriteriaId": "866DDFEC-0CB8-4152-B36E-A358497AA4D0", "versionEndExcluding": "00.22.05"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8807CB65-5F49-42E8-B5D8-36943418ADB9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}