← back
CVE-2022-31603

CVE-2022-31603

CVSS 6.4 MEDIUMEPSS 0.2%CWE-129
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.4EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
04 Jul 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosure.
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
NVIDIA · NVIDIA DGX A100

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://nvidia.custhelp.com/app/answers/detail/a_id/5367