CVE-2024-0087

NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. If this file exists, logs are appended to the file. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS v3 9.0 CRITICAL

9.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5535
https://nvidia.custhelp.com/app/answers/detail/a_id/5535

Configurations

No configuration.

History

21 Nov 2024, 08:45

Type	Values Removed	Values Added
Summary		(es) NVIDIA Triton Inference Server para Linux contiene una vulnerabilidad en la que un usuario puede configurar la ubicación de registro en un archivo arbitrario. Si este archivo existe, los registros se agregan al archivo. Una explotación exitosa de esta vulnerabilidad podría provocar la ejecución de código, denegación de servicio, escalada de privilegios, divulgación de información y manipulación de datos.
References	~~() https://nvidia.custhelp.com/app/answers/detail/a_id/5535 -~~	() https://nvidia.custhelp.com/app/answers/detail/a_id/5535 -

14 May 2024, 14:39

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 14:39

Updated : 2024-11-21 08:45

NVD link : CVE-2024-0087

Mitre link : CVE-2024-0087

CVE.ORG link : CVE-2024-0087

JSON object : View

Products Affected

No product.

CWE

CWE-73

External Control of File Name or Path

9.0 /10