N/A

NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

对路径名的限制不恰当(路径遍历)

NVIDIA DGX-1 路径遍历漏洞

NVIDIA DGX-1是美国英伟达（NVIDIA）公司的一款应用于深度学习的个人计算机设备。 NVIDIA DGX-1 Servers存在安全漏洞，该漏洞源于具有适当权限的攻击者可以在特定情况下上传和下载任意文件，这可能导致拒绝服务、提权、信息泄露和数据篡改。

N/A

N/A