Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Network
0

CVE-2020-11485

Disclosure Date: October 29, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware in which the web application does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request, which can lead to information disclosure or code execution.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Vendors

  • NVIDIA

Products

  • NVIDIA DGX Servers

Additional Info

Technical Analysis