First published: Thu Oct 29 2020(Updated: )
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information disclosure.
Credit: psirt@nvidia.com
Affected Software | Affected Version | How to fix |
---|---|---|
Intel Bmc Firmware | <3.38.30 | |
NVIDIA DGX-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
An attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, leading to information disclosure.
All DGX-1 servers with BMC firmware versions prior to 3.38.30 are affected.
The severity rating of CVE-2020-11484 is medium with a rating of 4.9.
To fix the vulnerability, update the BMC firmware to version 3.38.30 or higher.
You can find more information about CVE-2020-11484 at the following link: [https://nvidia.custhelp.com/app/answers/detail/a_id/5010]