CVE-2022-42287: Malicious File Upload
First published: Fri Jan 13 2023(Updated: )
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering.
Credit: psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NVIDIA BMC | <00.19.07 | |
| NVIDIA DGX A100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-42287?
CVE-2022-42287 is a vulnerability in NVIDIA BMC IPMI handler that allows an authorized attacker to upload and download arbitrary files, potentially leading to denial of service, escalation of privileges, information disclosure, and data tampering.
What is the severity of CVE-2022-42287?
The severity of CVE-2022-42287 is high, with a CVSS score of 7.8.
How does CVE-2022-42287 affect NVIDIA BMC?
CVE-2022-42287 affects NVIDIA BMC by allowing an authorized attacker to upload and download arbitrary files, which may result in various security risks.
How can CVE-2022-42287 be exploited?
CVE-2022-42287 can be exploited by an authorized attacker who can upload and download arbitrary files on NVIDIA BMC under certain circumstances.
Is NVIDIA DGX A100 affected by CVE-2022-42287?
No, NVIDIA DGX A100 is not affected by CVE-2022-42287.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/tags
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/severity
- agent/event
- vendor/nvidia
- canonical/nvidia bmc
- canonical/nvidia dgx a100