Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-0113

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure.

Published

2024-08-12T13:38:12.693

Last Modified

2024-12-26T19:21:52.380

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-35
Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	nvidia	mlnx-os	< 3.10.4500	Yes
Operating System	nvidia	mlnx-os	< 3.12.1002	Yes
Operating System	nvidia	mlnx-os	< 3.11.2302	Yes
Operating System	nvidia	onyx	< 3.10.4504	Yes
Operating System	nvidia	mlnx-gw	< 8.1.4500	Yes
Operating System	nvidia	mlnx-gw	< 8.2.2300	Yes
Hardware	nvidia	mga100-hs2	-	No
Operating System	nvidia	nvda-os_xc	< 18.2.2200	Yes
Hardware	nvidia	mtq8400-hs2r	-	No
Operating System	nvidia	mlnx-os	< 3.12.1002	Yes
Hardware	nvidia	tq8100-hs2f	-	No
Hardware	nvidia	tq8200-hs2f	-	No

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5563 Vendor Advisory ([email protected])