Bmc
CVE-2023-25505
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution.
AnalysisAI
NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution. Affected products include: Nvidia Bmc.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.
The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands b
NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authoriza
NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authoriza
NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bound
NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today