CVE-2024-0113

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-0113
NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5563 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:lts:*:*:*
cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*
cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:lts:*:*:*

Configuration 2 (hide)

cpe:2.3:o:nvidia:onyx:*:*:*:*:lts:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:lts:*:*:*
cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:-:*:*:*
cpe:2.3:h:nvidia:mga100-hs2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:nvidia:nvda-os_xc:*:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:mtq8400-hs2r:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*
OR cpe:2.3:h:nvidia:tq8100-hs2f:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tq8200-hs2f:-:*:*:*:*:*:*:*
History

26 Dec 2024, 19:21

Type Values Removed Values Added
CPE cpe:2.3:h:nvidia:skyway:*:*:*:*:*:skyway_lts:*:*
cpe:2.3:o:nvidia:onyx:*:*:*:*:onyx_lts:*:*:*
cpe:2.3:o:nvidia:mellanox_os:*:*:*:*:*:mellanox_os_lts:*:*
cpe:2.3:h:nvidia:metrox-2:*:*:*:*:*:metrox:*:*
cpe:2.3:h:nvidia:skyway:*:*:*:*:*:skyway:*:*
cpe:2.3:h:nvidia:metrox-3_xc:*:*:*:*:*:metrox:*:*
cpe:2.3:o:nvidia:mellanox_os:*:*:*:*:*:mellanox_os:*:*		 cpe:2.3:h:nvidia:tq8200-hs2f:-:*:*:*:*:*:*:*
cpe:2.3:o:nvidia:nvda-os_xc:*:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:mtq8400-hs2r:-:*:*:*:*:*:*:*
cpe:2.3:o:nvidia:onyx:*:*:*:*:lts:*:*:*
cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:lts:*:*:*
cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:lts:*:*:*
cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:-:*:*:*
cpe:2.3:h:nvidia:mga100-hs2:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tq8100-hs2f:-:*:*:*:*:*:*:*
cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*
CVSS v2 : unknown
v3 : 8.8 		v2 : unknown
v3 : 7.5
First Time Nvidia mlnx-gw
Nvidia tq8100-hs2f
Nvidia mga100-hs2
Nvidia mlnx-os
Nvidia nvda-os Xc
Nvidia tq8200-hs2f
Nvidia mtq8400-hs2r

11 Sep 2024, 17:34

Type Values Removed Values Added
Summary
  • (es) NVIDIA Mellanox OS, ONYX, Skyway y MetroX-3 XCC contienen una vulnerabilidad en el soporte web, donde un atacante puede provocar que una ruta CGI atraviese una URI especialmente manipulada. Una explotación exitosa de esta vulnerabilidad podría conducir a una escalada de privilegios y divulgación de información.
First Time Nvidia
Nvidia metrox-2
Nvidia skyway
Nvidia metrox-3 Xc
Nvidia mellanox Os
Nvidia onyx
CPE cpe:2.3:o:nvidia:onyx:*:*:*:*:onyx_lts:*:*:*
cpe:2.3:o:nvidia:mellanox_os:*:*:*:*:*:mellanox_os_lts:*:*
cpe:2.3:h:nvidia:skyway:*:*:*:*:*:skyway:*:*
cpe:2.3:o:nvidia:mellanox_os:*:*:*:*:*:mellanox_os:*:*
cpe:2.3:h:nvidia:metrox-2:*:*:*:*:*:metrox:*:*
cpe:2.3:h:nvidia:metrox-3_xc:*:*:*:*:*:metrox:*:*
cpe:2.3:h:nvidia:skyway:*:*:*:*:*:skyway_lts:*:*
References () https://nvidia.custhelp.com/app/answers/detail/a_id/5563 - () https://nvidia.custhelp.com/app/answers/detail/a_id/5563 - Vendor Advisory
CVSS v2 : unknown
v3 : 7.5 		v2 : unknown
v3 : 8.8
CWE CWE-22

12 Aug 2024, 13:41

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-12 13:38

Updated : 2024-12-26 19:21

NVD link : CVE-2024-0113

Mitre link : CVE-2024-0113

CVE.ORG link : CVE-2024-0113

JSON object : View

Products Affected

nvidia

  • onyx
  • tq8200-hs2f
  • mga100-hs2
  • mlnx-os
  • nvda-os_xc
  • tq8100-hs2f
  • mtq8400-hs2r
  • mlnx-gw
CWE
CWE-35

Path Traversal: '.../...//'

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')