CVE-2020-11484
First published: Thu Oct 29 2020(Updated: )
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information disclosure.
Credit: psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intel Bmc Firmware | <3.38.30 | |
| NVIDIA DGX-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability in NVIDIA DGX servers with BMC firmware prior to 3.38.30?
An attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, leading to information disclosure.
Which NVIDIA DGX servers are affected by CVE-2020-11484?
All DGX-1 servers with BMC firmware versions prior to 3.38.30 are affected.
What is the severity rating of CVE-2020-11484?
The severity rating of CVE-2020-11484 is medium with a rating of 4.9.
How can I fix the vulnerability in NVIDIA DGX servers?
To fix the vulnerability, update the BMC firmware to version 3.38.30 or higher.
Where can I find more information about CVE-2020-11484?
You can find more information about CVE-2020-11484 at the following link: [https://nvidia.custhelp.com/app/answers/detail/a_id/5010]
- collector/nvd-index
- agent/event
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/intel
- canonical/intel bmc firmware
- vendor/nvidia
- canonical/nvidia dgx-1