Lucene search

NvidiaCVE-2024-0113

HistoryAug 12, 2024 - 1:38 p.m.

CVE-2024-0113

2024-08-1213:38:12

CWE-35

CWE-22

nvidia

web.nvd.nist.gov

cve-2024-0113

cgi path traversal

escalation of privileges

information disclosure

nvidia mellanox os

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

39.9%

JSON

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure.

Affected configurations

Nvd

Node

nvidiamellanox_osRange<3.10.4500mellanox_os_lts

nvidiamellanox_osRange<3.12.1002mellanox_os

nvidiamellanox_osRange3.11.0000–3.11.2302mellanox_os_lts

Node

nvidiaonyxRange<3.10.4504onyx_lts

Node

nvidiaskywayRange<8.1.4500skyway_lts

nvidiaskywayRange<8.2.2300skyway

Node

nvidiametrox-3_xcRange<18.2.2300metrox

Node

nvidiametrox-2Range<3.12.1002metrox

VendorProductVersionCPE
nvidiamellanox_os*cpe:2.3:o:nvidia:mellanox_os:*:*:*:*:*:mellanox_os_lts:*:*
nvidiamellanox_os*cpe:2.3:o:nvidia:mellanox_os:*:*:*:*:*:mellanox_os:*:*
nvidiaonyx*cpe:2.3:o:nvidia:onyx:*:*:*:*:onyx_lts:*:*:*
nvidiaskyway*cpe:2.3:h:nvidia:skyway:*:*:*:*:*:skyway_lts:*:*
nvidiaskyway*cpe:2.3:h:nvidia:skyway:*:*:*:*:*:skyway:*:*
nvidiametrox-3_xc*cpe:2.3:h:nvidia:metrox-3_xc:*:*:*:*:*:metrox:*:*
nvidiametrox-2*cpe:2.3:h:nvidia:metrox-2:*:*:*:*:*:metrox:*:*

Vendor	Product	Version	CPE
nvidia	mellanox_os	*	cpe:2.3:o:nvidia:mellanox_os::::::mellanox_os_lts::*
nvidia	mellanox_os	*	cpe:2.3:o:nvidia:mellanox_os::::::mellanox_os::*
nvidia	onyx	*	cpe:2.3:o:nvidia:onyx:::::onyx_lts:::*
nvidia	skyway	*	cpe:2.3:h:nvidia:skyway::::::skyway_lts::*
nvidia	skyway	*	cpe:2.3:h:nvidia:skyway::::::skyway::*
nvidia	metrox-3_xc	*	cpe:2.3:h:nvidia:metrox-3_xc::::::metrox::*
nvidia	metrox-2	*	cpe:2.3:h:nvidia:metrox-2::::::metrox::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Mellanox OS"
    ],
    "product": "Mellanox OS",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to and including 3.11.4000"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Mellanox OS LTS"
    ],
    "product": "Mellanox OS",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to and including 3.11.2200"
      },
      {
        "status": "affected",
        "version": "All versions prior to and including 3.10.4400"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Skyway"
    ],
    "product": "Skyway",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to and including 8.2.2200"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Skyway LTS"
    ],
    "product": "Skyway",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to and including 8.1.4400"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "MetroX"
    ],
    "product": "MetroX-3 XC",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to and including 18.2.2200"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "MetroX"
    ],
    "product": "MetroX-2",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to and including 3.11.4000"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5563

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

39.9%

JSON

Related for CVE-2024-0113