NVIDIA HGX and DGX Management Controller Vulnerability Allowing Unauthorized Access and Privilege Escalation
Vulnerability
A vulnerability exists in the HGX Management Controller (HMC) of NVIDIA HGX and DGX systems, specifically in the GB200, GB300, and B300 versions. This vulnerability may allow a malicious actor with administrative access on the Baseboard Management Controller (BMC) to gain unauthorized administrative access to the HMC. Exploitation of this vulnerability could result in code execution, denial of service, unauthorized privilege escalation, information disclosure, and data tampering.
Impact
Successful exploitation could lead to unauthorized administrative access on the HMC, allowing for code execution, denial of service, privilege escalation, information disclosure, and data tampering.
Remediation
NVIDIA has released a software update for the affected products. Users should download and install the latest update from the NVIDIA Developer Tools page. For specific version details, refer to the NVIDIA security bulletin.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.