CVE-2020-11616

Summary

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information disclosure.

Affected Software

VendorProductVersion RangeStatus
NVIDIANVIDIA DGX ServersAll DGX-1 with BMC firmware versions prior to 3.38.30affected

Weaknesses

  • information disclosure

ADP Enrichment

CVE Program Container

Additional References

References