CVE-2024-0101

2024-08-0817:15:17

CWE-693

[email protected]

web.nvd.nist.gov

nvidia mellanox onyx skyway metrox-2 metrox-3 xc ipfilter failure denial of service vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.7%

JSON

NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service.

Affected configurations

Nvd

Node

nvidiamlnx-osRange<3.11.2002-

AND

nvidiametrox-2Match-

Node

nvidiamlnx-gwRange<8.1.4400lts

nvidiamlnx-gwRange<8.2.2000-

AND

nvidiaskywayMatch-

Node

nvidiaonyxRange<3.10.4402lts

Node

nvidianvda-os_xcRange<18.2.2000

AND

nvidiametrox-3_xcMatch-

VendorProductVersionCPE
nvidiamlnx-os*cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*
nvidiametrox-2-cpe:2.3:h:nvidia:metrox-2:-:*:*:*:*:*:*:*
nvidiamlnx-gw*cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:lts:*:*:*
nvidiamlnx-gw*cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:-:*:*:*
nvidiaskyway-cpe:2.3:h:nvidia:skyway:-:*:*:*:*:*:*:*
nvidiaonyx*cpe:2.3:o:nvidia:onyx:*:*:*:*:lts:*:*:*
nvidianvda-os_xc*cpe:2.3:o:nvidia:nvda-os_xc:*:*:*:*:*:*:*:*
nvidiametrox-3_xc-cpe:2.3:h:nvidia:metrox-3_xc:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nvidia	mlnx-os	*	cpe:2.3:o:nvidia:mlnx-os:::::-:::*
nvidia	metrox-2	-	cpe:2.3:h:nvidia:metrox-2:-:::::::*
nvidia	mlnx-gw	*	cpe:2.3:o:nvidia:mlnx-gw:::::lts:::*
nvidia	mlnx-gw	*	cpe:2.3:o:nvidia:mlnx-gw:::::-:::*
nvidia	skyway	-	cpe:2.3:h:nvidia:skyway:-:::::::*
nvidia	onyx	*	cpe:2.3:o:nvidia:onyx:::::lts:::*
nvidia	nvda-os_xc	*	cpe:2.3:o:nvidia:nvda-os_xc::::::::
nvidia	metrox-3_xc	-	cpe:2.3:h:nvidia:metrox-3_xc:-:::::::*