2.47

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

intel

CWE-338

NVD

Published: 2020-10-29

Updated: 2021-07-21

Summary

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information disclosure.

Vulnerable Configurations

Part	Description	Count
OS	Intel Intel BMC Firmware - Intel BMC Firmware 1.06.06 Intel BMC Firmware 2.47	3
Hardware	Nvidia Nvidia DGX 1 -	1

Common Weakness Enumeration (CWE)

CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5010