CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
20.0%
NVIDIA has released a firmware update for NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XC. To protect your system, download and install this firmware update from the NVIDIA Enterprise Support Portal.
Go to NVIDIA Product Security.
This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.
CVE ID | Description | Vector | Base Score | Severity | CWE | Impacts |
---|---|---|---|---|---|---|
CVE-2024-0101 | NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service. | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | High | CWE‑693 | Denial of service |
CVE-2024-0104 | NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges. | AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N | 4.2 | Medium | CWE‑284 | Information disclosure, data tampering, escalation of privileges |
The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.
The following table lists the NVIDIA products affected, versions affected, and the updated version that includes this security update.
CVE IDs Addressed | Affected Products | Platform or OS | Affected Versions | Updated Version |
---|
CVE‑2024-0101
| Mellanox OS | Mellanox OS | All versions prior to and including 3.11.1000 | 3.11.2002
ONYX | ONYX LTS | All versions prior to and including 3.10.4300 | 3.10.4402
Skyway | Skyway | All versions prior to and including 8.2.1000 | 8.2.2000
Skyway LTS | All versions prior to and including 8.1.4300 | 8.1.4400
MetroX-3 XC | MetroX | All versions prior to and including 18.2.1000 | 18.2.2000
MetroX-2 | MetroX | All versions prior to and including 3.11.1000 | 3.11.2002
CVE‑2024-0104 | Mellanox OS | Mellanox OS LTS | All versions prior to and including 3.11.2100 | 3.11.2202
ONYX | ONYX LTS | All versions prior to and including 3.10.4302 | 3.10.4402
Skyway | Skyway | All versions prior to and including 8.2.2100 | 8.2.2202
MetroX-3 XC | MetroX | All versions prior to and including 18.2.2100 | 18.2.2200
MetroX-2 | MetroX | All versions prior to and including 3.11.1000 | 3.11.2002
Visit the NVIDIA Product Security page to