Security News > 2020 > October > NVIDIA Patches Critical Bug in High-Performance Servers
NVIDIA released a patch for a critical bug in its high-performance line of DGX servers that could open the door for a remote attacker to take control of and access sensitive data on systems typically operated by governments and Fortune-100 companies.
During the session Gordeychik demonstrated how NVIDIA DGX GPU servers used in machine learning frameworks, data processing pipelines and applications such as medical imaging and face recognition powered CCTV - could be tampered with by an adversary.
As for the actual patches issued by NVIDIA on Wednesday, the most serious is tracked as CVE‑2020‑11483 and is rated critical.
"NVIDIA DGX servers contain a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges or information disclosure," according to the security bulletin.
Vulnerable NVIDIA DGX server models impacted include DGX-1, DGX-2 and DGX A100.
News URL
https://threatpost.com/nvidia-patches-critical-bug-in-hpc/160762/
Related news
- Critical flaw in NVIDIA Container Toolkit allows full host takeover (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)