2.47

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

intel

CWE-1188

NVD

Published: 2020-10-29

Updated: 2021-07-21

Summary

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default SNMP community strings are used, which may lead to information disclosure.

Vulnerable Configurations

Part	Description	Count
OS	Intel Intel BMC Firmware - Intel BMC Firmware 1.06.06 Intel BMC Firmware 2.47	3
Hardware	Nvidia Nvidia DGX 1 - Nvidia DGX 2 -	2

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5010