CVE-2022-42289: OS Command Injection
First published: Fri Jan 13 2023(Updated: )
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.
Credit: psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nvidia Dgx A100 Firmware | <00.19.07 | |
| NVIDIA DGX A100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this NVIDIA BMC vulnerability?
The vulnerability ID for this NVIDIA BMC vulnerability is CVE-2022-42289.
What is the title of this NVIDIA BMC vulnerability?
The title of this NVIDIA BMC vulnerability is "NVIDIA BMC contains a vulnerability in SPX REST API where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering."
What is the severity of CVE-2022-42289?
The severity of CVE-2022-42289 is high with a CVSS score of 8.8.
What software is affected by this vulnerability?
The NVIDIA DGX A100 Firmware version up to and excluding 00.19.07 is affected by this vulnerability.
How can an attacker exploit this vulnerability?
An authorized attacker can exploit this NVIDIA BMC vulnerability by injecting arbitrary shell commands through the SPX REST API, potentially leading to code execution, denial of service, information disclosure, and data tampering.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/event
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/nvidia
- canonical/nvidia dgx a100 firmware
- canonical/nvidia dgx a100