CVE-2022-42272 - OpenCVE

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow, which may lead to code execution, denial of service or escalation of privileges.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Nvidia	Dgx A100 Dgx A100 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:bmc:*:*:*

cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5435	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: nvidia

Published: 2023-01-12T22:16:41.786Z

Updated:

Reserved: 2022-10-03T14:20:26.204Z

Link: CVE-2022-42272

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-01-12T23:15:09.967

Modified: 2023-01-20T17:49:18.943

Link: CVE-2022-42272

JSON object: View

Redhat Information

No data.

CWE

CWE-120

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:bmc:*:*:*", "matchCriteriaId": "063DAD57-7DC7-46E6-A5C6-B4D1A3CE7F19", "versionEndExcluding": "00.19.07", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*", "matchCriteriaId": "8807CB65-5F49-42E8-B5D8-36943418ADB9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow, which may lead to code execution, denial of service or escalation of privileges."}, {"lang": "es", "value": "NVIDIA BMC contiene una vulnerabilidad en el controlador IPMI, donde un atacante autorizado puede provocar un desbordamiento del b\u00fafer, lo que puede provocar la ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio o escalada de privilegios."}], "id": "CVE-2022-42272", "lastModified": "2023-01-20T17:49:18.943", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2023-01-12T23:15:09.967", "references": [{"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5435"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "psirt@nvidia.com", "type": "Secondary"}]}