CVE-2020-11488

CVE Database · CVE-2020-11488

CVE-2020-11488

· MEDIUMModified

CVSS v3.1

6.7

EPSS

0.24%

Published

Oct 29, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead to information disclosure or code execution.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-347

Affected Products (4)

intel · bmc_firmware (up to 3.38.30)vulnerable

nvidia · dgx-1

intel · bmc_firmware (up to 1.06.06)vulnerable

nvidia · dgx-2

References (2)

https://nvidia.custhelp.com/app/answers/detail/a_id/5010

Vendor Advisory

https://nvidia.custhelp.com/app/answers/detail/a_id/5010

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs