CVE-2020-11486

CVE Database · CVE-2020-11486

CVE-2020-11486

· CRITICALModified

CVSS v3.1

9.8

EPSS

2.61%

Published

Oct 29, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the product's environment, which may lead to remote code execution.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-434

Affected Products (2)

intel · bmc_firmware (up to 3.38.30)vulnerable

nvidia · dgx-1

References (2)

https://nvidia.custhelp.com/app/answers/detail/a_id/5010

Vendor Advisory

https://nvidia.custhelp.com/app/answers/detail/a_id/5010

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs