CVE-2024-0113

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:nvidia:mellanox_os:*:*:*:*:*:mellanox_os_lts:*:*
cpe:2.3:o:nvidia:mellanox_os:*:*:*:*:*:mellanox_os:*:*
cpe:2.3:o:nvidia:mellanox_os:*:*:*:*:*:mellanox_os_lts:*:*

Configuration 2 (hide)

cpe:2.3:o:nvidia:onyx:*:*:*:*:onyx_lts:*:*:*

Configuration 3 (hide)

OR cpe:2.3:h:nvidia:skyway:*:*:*:*:*:skyway_lts:*:*
cpe:2.3:h:nvidia:skyway:*:*:*:*:*:skyway:*:*

Configuration 4 (hide)

cpe:2.3:h:nvidia:metrox-3_xc:*:*:*:*:*:metrox:*:*

Configuration 5 (hide)

cpe:2.3:h:nvidia:metrox-2:*:*:*:*:*:metrox:*:*

History

11 Sep 2024, 17:34

Type Values Removed Values Added
First Time Nvidia
Nvidia metrox-2
Nvidia metrox-3 Xc
Nvidia skyway
Nvidia onyx
Nvidia mellanox Os
CPE cpe:2.3:h:nvidia:metrox-3_xc:*:*:*:*:*:metrox:*:*
cpe:2.3:o:nvidia:onyx:*:*:*:*:onyx_lts:*:*:*
cpe:2.3:h:nvidia:skyway:*:*:*:*:*:skyway:*:*
cpe:2.3:o:nvidia:mellanox_os:*:*:*:*:*:mellanox_os_lts:*:*
cpe:2.3:h:nvidia:skyway:*:*:*:*:*:skyway_lts:*:*
cpe:2.3:o:nvidia:mellanox_os:*:*:*:*:*:mellanox_os:*:*
cpe:2.3:h:nvidia:metrox-2:*:*:*:*:*:metrox:*:*
References () https://nvidia.custhelp.com/app/answers/detail/a_id/5563 - () https://nvidia.custhelp.com/app/answers/detail/a_id/5563 - Vendor Advisory
Summary
  • (es) NVIDIA Mellanox OS, ONYX, Skyway y MetroX-3 XCC contienen una vulnerabilidad en el soporte web, donde un atacante puede provocar que una ruta CGI atraviese una URI especialmente manipulada. Una explotación exitosa de esta vulnerabilidad podría conducir a una escalada de privilegios y divulgación de información.
CWE CWE-22
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 8.8

12 Aug 2024, 13:41

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-12 13:38

Updated : 2024-09-11 17:34


NVD link : CVE-2024-0113

Mitre link : CVE-2024-0113

CVE.ORG link : CVE-2024-0113


JSON object : View

Products Affected

nvidia

  • onyx
  • metrox-3_xc
  • metrox-2
  • skyway
  • mellanox_os
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-35

Path Traversal: '.../...//'