SB2020102936 - Multiple vulnerabilities in NVIDIA DGX servers

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) Use of Hard-coded Cryptographic Key (CVE-ID: CVE-2020-11487)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to usage of a hard-coded RSA 1024 key with weak ciphers in the AMI BMC firmware. A remote attacker can gain unauthorized access to sensitive information on the system.

2) Use of hard-coded credentials (CVE-ID: CVE-2020-11483)

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded credentials in application code in the AMI BMC firmware. A remote unauthenticated attacker can access the affected system using the hard-coded credentials.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

3) Information disclosure (CVE-ID: CVE-2020-11484)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A local administrator can obtain the hash of the BMC/IPMI user password.

4) Cross-site request forgery (CVE-ID: CVE-2020-11485)

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.

5) Arbitrary file upload (CVE-ID: CVE-2020-11486)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload. A remote attacker can upload or transfer files that can be automatically processed within the product's environment, which may lead to remote code execution.

6) Security Features (CVE-ID: CVE-2020-11488)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the affected software does not validate the RSA 1024 public key used to verify the firmware signature. A local administrator can cause information disclosure or arbitrary code execution. 

7) Information disclosure (CVE-ID: CVE-2020-11489)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to default SNMP community strings are used in the AMI BMC firmware. A remote attacker can gain unauthorized access to sensitive information on the system.

8) Use of Hard-coded Cryptographic Key (CVE-ID: CVE-2020-11615)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to usage of a hard-coded RC4 cipher key in the AMI BMC firmware. A remote attacker can gain unauthorized access to sensitive information on the system.

9) Cryptographic issues (CVE-ID: CVE-2020-11616)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.

Remediation

Install update from vendor's website.

References

• https://nvidia.custhelp.com/app/answers/detail/a_id/5010