What is CVE-2023-0209?

CVE-2023-0209 is a high-severity vulnerability in Nvidia Dgx Servers, classified under Improper Authentication. CVSS score: 8.2/10. Published 2023-04-22.

How severe is CVE-2023-0209?

High severity. CVSS v3 base score is 8.2 out of 10.

Auth bypass in Nvidia Dgx Servers

CVE-2023-0209

NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmwa…

Vulnerability class: Broken Authentication

EPSS: 0.000 (15.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

Nvidia Dgx Servers — versions All SBIOS prior to S2W_3A13

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

nvidia.custhelp.com/app/answers/detail/a_id/5458

Frequently asked questions

What is CVE-2023-0209?: CVE-2023-0209 is a high-severity vulnerability in Nvidia Dgx Servers, classified under Improper Authentication. CVSS score: 8.2/10. Published 2023-04-22.
How severe is CVE-2023-0209?: High severity. CVSS v3 base score is 8.2 out of 10.