CVE-2024-0113 - Vulnerability Details

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Nvidia	Mellanox Os Firmware Metrox-2 Firmware Metrox-3 Xc Firmware Mga100-hs2 Mlnx-gw Mlnx-os Mtq8400-hs2r Nvda-os Xc Onyx Skyway Firmware Tq8100-hs2f Tq8200-hs2f

Configuration 1 [-]

OR	cpe:2.3:o:nvidia:mlnx-os:::::lts:::*
	cpe:2.3:o:nvidia:mlnx-os:::::-:::*
	cpe:2.3:o:nvidia:mlnx-os:::::lts:::*

Configuration 2 [-]

cpe:2.3:o:nvidia:onyx:*:*:*:*:lts:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:nvidia:mlnx-gw:::::lts:::*
	cpe:2.3:o:nvidia:mlnx-gw:::::-:::*

cpe:2.3:h:nvidia:mga100-hs2:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:nvidia:nvda-os_xc:*:*:*:*:*:*:*:*

cpe:2.3:h:nvidia:mtq8400-hs2r:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*

OR	cpe:2.3:h:nvidia:tq8100-hs2f:-:::::::*
	cpe:2.3:h:nvidia:tq8200-hs2f:-:::::::*

No data.

References

Link	Providers
https://nvidia.custhelp.com/app/answers/detail/a_id/5563

History

Thu, 26 Dec 2024 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nvidia mga100-hs2 Nvidia mlnx-gw Nvidia mlnx-os Nvidia mtq8400-hs2r Nvidia nvda-os Xc Nvidia tq8100-hs2f Nvidia tq8200-hs2f
CPEs	cpe:2.3:h:nvidia:metrox-2::::::metrox::* cpe:2.3:h:nvidia:metrox-3_xc::::::metrox::* cpe:2.3:h:nvidia:skyway::::::skyway::* cpe:2.3:h:nvidia:skyway::::::skyway_lts::* cpe:2.3:o:nvidia:mellanox_os::::::mellanox_os::* cpe:2.3:o:nvidia:mellanox_os::::::mellanox_os_lts::* cpe:2.3:o:nvidia:onyx:::::onyx_lts:::*	cpe:2.3:h:nvidia:mga100-hs2:-:::::::* cpe:2.3:h:nvidia:mtq8400-hs2r:-:::::::* cpe:2.3:h:nvidia:tq8100-hs2f:-:::::::* cpe:2.3:h:nvidia:tq8200-hs2f:-:::::::* cpe:2.3:o:nvidia:mlnx-gw:::::-:::* cpe:2.3:o:nvidia:mlnx-gw:::::lts:::* cpe:2.3:o:nvidia:mlnx-os:::::-:::* cpe:2.3:o:nvidia:mlnx-os:::::lts:::* cpe:2.3:o:nvidia:nvda-os_xc:::::::: cpe:2.3:o:nvidia:onyx:::::lts:::*
Vendors & Products	Nvidia mellanox Os Nvidia metrox-2 Nvidia metrox-3 Xc Nvidia skyway	Nvidia mga100-hs2 Nvidia mlnx-gw Nvidia mlnx-os Nvidia mtq8400-hs2r Nvidia nvda-os Xc Nvidia tq8100-hs2f Nvidia tq8200-hs2f

Wed, 11 Sep 2024 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nvidia mellanox Os Nvidia metrox-2 Nvidia metrox-3 Xc Nvidia onyx Nvidia skyway
Weaknesses		CWE-22
CPEs		cpe:2.3:h:nvidia:metrox-2::::::metrox::* cpe:2.3:h:nvidia:metrox-3_xc::::::metrox::* cpe:2.3:h:nvidia:skyway::::::skyway::* cpe:2.3:h:nvidia:skyway::::::skyway_lts::* cpe:2.3:o:nvidia:mellanox_os::::::mellanox_os::* cpe:2.3:o:nvidia:mellanox_os::::::mellanox_os_lts::* cpe:2.3:o:nvidia:onyx:::::onyx_lts:::*
Vendors & Products		Nvidia mellanox Os Nvidia metrox-2 Nvidia metrox-3 Xc Nvidia onyx Nvidia skyway

Tue, 13 Aug 2024 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nvidia Nvidia mellanox Os Firmware Nvidia metrox-2 Firmware Nvidia metrox-3 Xc Firmware Nvidia skyway Firmware
CPEs		cpe:2.3:o:nvidia:mellanox_os_firmware:::::::: cpe:2.3:o:nvidia:metrox-2_firmware:::::::: cpe:2.3:o:nvidia:metrox-3_xc_firmware:::::::: cpe:2.3:o:nvidia:skyway_firmware::::::::
Vendors & Products		Nvidia Nvidia mellanox Os Firmware Nvidia metrox-2 Firmware Nvidia metrox-3 Xc Firmware Nvidia skyway Firmware
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 09 Aug 2024 02:45:00 +0000

Type	Values Removed	Values Added
Description		NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure.
Weaknesses		CWE-35
References		https://nvidia.custhelp.com/app/answers/detail/a_id/5563
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2024-08-09T02:19:30.529Z

Updated: 2024-08-13T14:15:20.160Z

Reserved: 2023-12-02T00:42:23.928Z

Link: CVE-2024-0113

Vulnrichment

Updated: 2024-08-13T14:15:12.926Z

NVD

Status : Analyzed

Published: 2024-08-12T13:38:12.693

Modified: 2024-12-26T19:21:52.380

Link: CVE-2024-0113

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object