Common Weakness Enumeration

CWE-1244

Allowed

Internal Asset Exposed to Unsafe Debug Access Level or State

Abstraction: Base · Status: Stable

The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents.

22 vulnerabilities reference this CWE, most recent first.

GHSA-JMQM-X5RX-7564

Vulnerability from github – Published: 2025-09-05 18:31 – Updated: 2025-09-05 18:31
VLAI
Details

NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-23302"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1244"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-04T16:15:35Z",
    "severity": "MODERATE"
  },
  "details": "NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service.",
  "id": "GHSA-jmqm-x5rx-7564",
  "modified": "2025-09-05T18:31:15Z",
  "published": "2025-09-05T18:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23302"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5674"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23302"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QH47-4WJJ-CQJJ

Vulnerability from github – Published: 2025-03-05 03:30 – Updated: 2025-03-05 03:30
VLAI
Details

NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an administrator. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0114"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1244"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-05T02:15:35Z",
    "severity": "HIGH"
  },
  "details": "NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an administrator. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.",
  "id": "GHSA-qh47-4wjj-cqjj",
  "modified": "2025-03-05T03:30:51Z",
  "published": "2025-03-05T03:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0114"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5561"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

For security-sensitive assets accessible over debug/test interfaces, only allow trusted agents.

Mitigation
Architecture and Design

Apply blinding [REF-1219] or masking techniques in strategic areas.

Mitigation
Implementation

Add shielding or tamper-resistant protections to the device, which increases the difficulty and cost for accessing debug/test interfaces.

CAPEC-114: Authentication Abuse

An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.