First published: Thu Oct 29 2020(Updated: )
NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. DGX-2 with BMC firmware versions prior to 1.06.06 and all DGX A100 Servers with all BMC firmware versions, contains a vulnerability in the AMI BMC firmware in which the use of a hard-coded RSA 1024 key with weak ciphers may lead to information disclosure.
Credit: psirt@nvidia.com
Affected Software | Affected Version | How to fix |
---|---|---|
Intel Bmc Firmware | <3.38.30 | |
NVIDIA DGX-1 | ||
Intel Bmc Firmware | <1.06.06 | |
NVIDIA DGX-2 | ||
Intel Bmc Firmware | ||
NVIDIA DGX A100 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this NVIDIA DGX servers vulnerability is CVE-2020-11487.
The severity of CVE-2020-11487 is high with a severity value of 7.5.
Intel BMC firmware versions prior to 3.38.30 for DGX-1, prior to 1.06.06 for DGX-2, and all BMC firmware versions for DGX A100 are affected by CVE-2020-11487.
CVE-2020-11487 is a vulnerability in the AMI BMC firmware of NVIDIA DGX servers that allows the use of a hard-coded RSA 1024 key with weak ciphers, which may lead to potential security risks.
To fix the CVE-2020-11487 vulnerability, update the BMC firmware to version 3.38.30 for DGX-1, 1.06.06 for DGX-2, or the latest available version for DGX A100 servers.