CVE-2022-42279: OS Command Injection
First published: Fri Jan 13 2023(Updated: )
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.
Credit: psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nvidia Dgx A100 Firmware | <00.19.07 | |
| NVIDIA DGX A100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this NVIDIA BMC vulnerability?
The vulnerability ID is CVE-2022-42279.
What is the severity of CVE-2022-42279?
The severity of CVE-2022-42279 is high with a severity value of 8.8.
Which software is affected by CVE-2022-42279?
The NVIDIA DGX A100 Firmware versions up to and excluding 00.19.07 are affected by CVE-2022-42279.
What can an authorized attacker do with CVE-2022-42279?
An authorized attacker can inject arbitrary shell commands, potentially leading to code execution, denial of service, information disclosure, and data tampering.
How can I fix CVE-2022-42279?
It is recommended to update to a fixed version of the NVIDIA DGX A100 Firmware to mitigate CVE-2022-42279.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/tags
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/severity
- agent/event
- vendor/nvidia
- canonical/nvidia dgx a100 firmware
- canonical/nvidia dgx a100