Skip to main content

Bmc Firmware

11 CVEs product

Monthly

CVE-2020-11616 HIGH This Week

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Bmc Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-11615 HIGH This Week

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Authentication Bypass Information Disclosure Bmc Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-11489 HIGH This Week

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Bmc Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-11488 MEDIUM This Month

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure RCE Jwt Attack Nvidia Bmc Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-11487 HIGH This Week

NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Authentication Bypass Information Disclosure Bmc Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-11486 CRITICAL Act Now

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Nvidia Bmc Firmware
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-11485 HIGH This Week

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware in which the web application does not. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE CSRF Nvidia Bmc Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-11484 MEDIUM This Month

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Bmc Firmware
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2020-11483 CRITICAL Act Now

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Authentication Bypass Information Disclosure Bmc Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2018-12171 CRITICAL Act Now

Privilege escalation in Intel Baseboard Management Controller (BMC) firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Privilege Escalation RCE Denial Of Service Bmc Firmware
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-3682 HIGH This Week

BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\writes to the SMBUS. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Bmc Firmware
NVD
CVSS 3.0
8.2
EPSS
0.3%
EPSS 1% CVSS 7.5
HIGH This Week

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Bmc Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Authentication Bypass Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Bmc Firmware
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure RCE Jwt Attack +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Authentication Bypass Information Disclosure +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Nvidia +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware in which the web application does not. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE CSRF +2
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Bmc Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Authentication Bypass Information Disclosure +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Privilege escalation in Intel Baseboard Management Controller (BMC) firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Privilege Escalation RCE +2
NVD
EPSS 0% CVSS 8.2
HIGH This Week

BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\writes to the SMBUS. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Bmc Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy