CVE-2023-25531

HIGH

Nvidia Dgx H100 Firmware - Insufficiently Protected Credentials

Title source: rule

Description

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and escalation of privileges.

References (1)

[Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/5473

Scores

CVSS v3 7.6

EPSS 0.0023

EPSS Percentile 45.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (1)

nvidia/dgx_h100_firmware < 23.08.18

Timeline

Published Sep 20, 2023

Tracked Since Feb 18, 2026