NVIDIA on Wednesday released patches to address a total of nine vulnerabilities impacting NVIDIA DGX servers.
NVIDIA’s DGX systems are designed for enterprise AI applications. All of the bugs were found in the AMI Baseboard Management Controller (BMC) firmware running on the affected devices. This means the vulnerabilities are not specific to NVIDIA and they impact the products of several other vendors as well.
The vulnerabilities were reported to NVIDIA by members of the SCADA StrangeLove project, which focuses on ICS/SCADA security, as part of their research into machine learning infrastructure vulnerabilities.
One of the security flaws has been rated critical, five of them are high severity, two are considered medium severity, and one of them is low severity.
The most important of the bugs is related to the inclusion of hardcoded credentials in the AMI BMC firmware of NVIDIA DGX servers. Tracked as CVE‑2020‑11483, the issue has a CVSS score of 9.8 and exploitation could result in elevation of privileges or information leakage.
Next in line is CVE‑2020‑11484, a vulnerability that could allow an attacker that has administrative privileges to obtain the hash of the BMC/IPMI user password. Featuring a CVSS score of 8.4, the security bug could be exploited to access otherwise restricted information.
The third flaw could lead to information disclosure too. Tracked as CVE‑2020‑11487 (CVSS score 8.2), it exists due to the use of a hardcoded RSA 1024 key with weak ciphers.
With a CVSS score of 8.1, the next two vulnerabilities could lead to remote code execution.
The first of them, CVE‑2020‑11485, is a Cross-Site Request Forgery (CSRF) bug that exists because the web application “does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request,” and which could also lead to information disclosure.
The second, CVE‑2020‑11486, could be abused by attackers “to upload or transfer files that can be automatically processed within the product’s environment,” NVIDIA notes in its advisory.
Another high-risk bug that NVIDIA addressed this week is CVE‑2020‑11615 (CVSS score 7.5), where a hardcoded RC4 cipher key used within the firmware could lead to information disclosure.
The medium-severity flaws that NVIDIA patched could lead to information disclosure. The first of them, CVE‑2020‑11488, resides in the RSA 1024 public key used for firmware signature verification not being validated, while the second, CVE‑2020‑11489, exists due to the use of default SNMP community strings.
Last on the list is CVE‑2020‑11616, a low-severity flaw that exists because “the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong.” Exploitation of the flaw could lead to information disclosure.
NVIDIA says exploitation of these vulnerabilities requires network access to the BMC of the DGX server.
These security holes were found to affect NVIDIA DGX-1, DGX-2, and DGX A100 servers. However, while DGX-1 servers are impacted by all bugs, only some of them affect DGX-2 products and DGX A100 is impacted by a single flaw.
BMC firmware 3.38.30 addresses the issues for DGX-1 servers and BMC firmware 1.06.06 patches the bugs in DGX-2 servers. An update for DGX A100 servers will become available in the second quarter of 2021.
Since the vulnerabilities were found in AMI BMC firmware, SCADA StrangeLove says other vendors appear to be impacted as well, including ASRock Rack, ASUS, DEPO Computers, Gigabyte, Gooxi, Hewlett Packard Enterprise, IBM, Lenovo, Mikrobits (Mikrotik), NetApp, Quanta Computer, and TYAN Computer.
Contacted by SecurityWeek, AMI said it has a close working relationship with NVIDIA, as well as all the other major silicon vendors in the US and abroad. The company said it contracted a third-party security firm to audit its firmware and these vulnerabilities were discovered before NVIDIA brought them to AMI’s attention. Patches have been developed and distributed to customers.
“From our perspective, this incident shows the complexity of the security paradigm in our industry, which requires the industry to work closely together to collaborate, so that we can address these security issues collectively. Over the years, AMI has come up with what we believe to be a robust security framework, which allows us to keep tabs on the security vulnerabilities that are relevant to AMI products, so we can take immediate action. We work together with industry partners on fixes which AMI then distributes to our customers; keeping in close coordination with our partners also makes it easy for AMI customers to apply the fixes that we have developed,” AMI said in an emailed statement.
It added, “In fact, AMI has been working on various mechanisms to simplify this entire process of creating and applying security fixes and patches to vulnerabilities. From our perspective, we don’t see the threat of security issues going away in the future, so we see ourselves as a partner to all silicon manufacturers in many technical and strategic initiatives over the course of many years and we will continue to do so, also to address security vulnerabilities in a timely, coordinated and effective manner.”
*additional reporting by Eduard Kovacs