First published: Thu Oct 29 2020(Updated: )
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges or information disclosure.
Credit: psirt@nvidia.com
Affected Software | Affected Version | How to fix |
---|---|---|
Intel Bmc Firmware | <3.38.30 | |
NVIDIA DGX-1 | ||
Intel Bmc Firmware | <1.06.06 | |
NVIDIA DGX-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-11483.
The severity of CVE-2020-11483 is critical.
All DGX-1 servers with BMC firmware versions prior to 3.38.30 and all DGX-2 servers with BMC firmware versions prior to 1.06.06 are affected.
CVE-2020-11483 may lead to elevation of privileges or information disclosure.
To fix CVE-2020-11483, update your NVIDIA DGX server BMC firmware to version 3.38.30 or higher for DGX-1 servers and 1.06.06 or higher for DGX-2 servers.