CVE-2023-25508: Path Traversal
First published: Sat Apr 22 2023(Updated: )
NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.
Credit: psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NVIDIA Baseboard Management Controller (BMC) | <3.39.30 | |
| NVIDIA DGX-1 P100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this NVIDIA DGX-1 BMC vulnerability?
The vulnerability ID is CVE-2023-25508.
What is the severity of CVE-2023-25508?
The severity of CVE-2023-25508 is high with a value of 7.8.
What software is affected by CVE-2023-25508?
The affected software is NVIDIA BMC version up to exclusive 3.39.30 and NVIDIA DGX-1 (not vulnerable).
What can an attacker with appropriate authorization do in relation to this vulnerability?
An attacker with appropriate authorization can upload and download arbitrary files, leading to denial of service, escalation of privileges, information disclosure, and data tampering.
How can I fix CVE-2023-25508?
To fix CVE-2023-25508, update NVIDIA BMC to version 3.39.30 or later.
- agent/type
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/nvidia
- canonical/nvidia baseboard management controller (bmc)
- canonical/nvidia dgx-1 p100