Strix
26.1K

CVE-2020-11486

CRITICALCVSS 9.8/10EPSS 2.61%

Last modified

CVE-2020-11486 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the product's environment, which may lead to remote code execution.. EPSS estimates a 2.61% chance of exploitation in the next 30 days.

Description

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the product's environment, which may lead to remote code execution.

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
2.61%

83.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
IntelBmc Firmware< 3.38.30

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-11486?
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the product's environment, which may lead to remote code execution.
How severe is CVE-2020-11486?
CVE-2020-11486 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 2.61% probability of exploitation in the next 30 days.
How do I fix CVE-2020-11486?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-11486?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST