CVE-2022-42277

CVSS 7.5 HIGHEPSS 0.2%CWE-288

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

13 Jan 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products

NVIDIA · NVIDIA DGX servers

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5435