Vulnerabilities > CVE-2022-42288 - Information Exposure Through Discrepancy vulnerability in Nvidia DGX A100 Firmware

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

nvidia

CWE-203

NVD

Published: 2023-01-13

Updated: 2023-01-23

Summary

NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure.

Vulnerable Configurations

Part	Description	Count
OS	Nvidia Nvidia DGX A100 Firmware -	1
Hardware	Nvidia Nvidia DGX A100 -	1

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5435