CVE-2024-0095

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS v3 9.0 CRITICAL

9.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5546

Configurations

No configuration.

History

17 Jun 2024, 12:43

Type	Values Removed	Values Added
Summary		(es) NVIDIA Triton Inference Server para Linux y Windows contiene una vulnerabilidad en la que un usuario puede inyectar registros falsificados y comandos ejecutables inyectando datos arbitrarios como una nueva entrada de registro. Una explotación exitosa de esta vulnerabilidad podría provocar la ejecución de código, denegación de servicio, escalada de privilegios, divulgación de información y manipulación de datos.

13 Jun 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-13 22:15

Updated : 2024-06-17 12:43

NVD link : CVE-2024-0095

Mitre link : CVE-2024-0095

CVE.ORG link : CVE-2024-0095

JSON object : View

Products Affected

No product.

CWE

CWE-117

Improper Output Neutralization for Logs

9.0 /10