CVE-2022-42278 HIGH

CVE-2022-42278

Vendor Nvidia
Product NVIDIA DGX servers
Weakness CWE-119
Published January 13, 2023
Last update April 7, 2025

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering.

Key dates

02Disclosure timeline

January 13, 2023 CVE published
April 7, 2025 Record updated