9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H
8 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the Triton Inference Server Releases page on GitHub, and view the Secure Deployment Considerations Guide.
Go to NVIDIA Product Security.
This section provides a summary of potential vulnerabilities that this security update addresses and their impact. The description uses CWE™, and the base score and vector use CVSS v3.1 standards.
CVE ID | Description | Vector | Base Score | Severity | CWE | Impacts |
---|---|---|---|---|---|---|
CVE-2024-0103 | NVIDIA Triton Inference Server for Linux contains a vulnerability where a user may cause an incorrect Initialization of resource by network issue. A successful exploit of this vulnerability may lead to information disclosure. | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 5.4 | Medium | CWE-1419 | Information disclosure |
CVE-2024-0095 | NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H | 4.3 | Medium | CWE-117 | Data tampering |
The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.
The following tables list the NVIDIA systems affected, firmware versions affected, and the updated version that includes this security update.
CVE IDs Addressed | Affected Products | Platform or OS | Affected Versions | Updated Version |
---|---|---|---|---|
CVE-2024-0095 | NVIDIA Triton Inference Server | Linux, Windows | 20.10 to 24.04 | 24.05 |
CVE-2024-0103 | NVIDIA Triton Inference Server | Linux, Windows | 23.10 to 24.04 | 24.05 |
9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H
8 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%