CVE-2023-25529

Опубликовано: 20 сент. 2023

Источник: nvd

CVSS3: 8

CVSS3: 8.1

EPSS Низкий

Описание

NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:nvidia:dgx_h100_firmware:*:*:*:*:bmc:*:*:*

Версия до 23.08.18 (исключая)

cpe:2.3:h:nvidia:dgx_h100:-:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.003

Низкий

8 High

CVSS3

8.1 High

CVSS3

Дефекты

CWE-208

CWE-203

Связанные уязвимости

GHSA-v8jc-h92c-w33g

CVSS3: 8

github

больше 2 лет назад

NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.

EPSS

Процентиль: 53%

0.003

Низкий

8 High

CVSS3

8.1 High

CVSS3

Дефекты

CWE-208

CWE-203