First published: Fri Aug 09 2024(Updated: )
NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure.
Credit: psirt@nvidia.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mellanox OS | <3.10.4500 | |
Mellanox OS | <3.12.1002 | |
Mellanox OS | >=3.11.0000<3.11.2302 | |
NVIDIA Onyx | <3.10.4504 | |
All of | ||
Any of | ||
Nvidia Mlnx-gw | <8.1.4500 | |
Nvidia Mlnx-gw | <8.2.2300 | |
Nvidia MGA100-HS2 | ||
All of | ||
Nvidia Nvda-os Xc | <18.2.2200 | |
Nvidia MTQ8400-HS2R | ||
All of | ||
Mellanox OS | <3.12.1002 | |
Any of | ||
Nvidia TQ8100-HS2F | ||
Nvidia Tq8200-hs2f |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-0113 is considered a high severity vulnerability due to its potential for privilege escalation and information disclosure.
To fix CVE-2024-0113, update your affected NVIDIA software to the latest version that addresses this vulnerability.
CVE-2024-0113 affects various versions of NVIDIA Mellanox OS, ONYX, Skyway, MetroX-3, and related software.
CVE-2024-0113 is a web support vulnerability that allows path traversal through specially crafted URIs.
Yes, exploitation of CVE-2024-0113 may result in information disclosure, potentially leading to data leaks.