CVE-2020-11488 — MEDIUM (6.7)

Q: How severe is CVE-2020-11488?

CVE-2020-11488 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-11488?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Bmc Firmware, Nvidia Dgx-1, Nvidia Dgx-2.

Vulnerability Description

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead to information disclosure or code execution.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Intel	Bmc Firmware	< 3.38.30
Nvidia	Dgx-1	-
Nvidia	Dgx-2	-

Related Weaknesses (CWE)

CWE-347

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5010Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5010Vendor Advisory

FAQ

What is CVE-2020-11488?

CVE-2020-11488 is a vulnerability with a CVSS score of 6.7 (MEDIUM). NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software ...

How severe is CVE-2020-11488?

CVE-2020-11488 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-11488?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Bmc Firmware, Nvidia Dgx-1, Nvidia Dgx-2.