Search criteria
9 vulnerabilities found for ONYX by NVIDIA
FKIE_CVE-2024-0113
Vulnerability from fkie_nvd - Published: 2024-08-12 13:38 - Updated: 2024-12-26 19:21
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5563 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | mlnx-os | * | |
| nvidia | mlnx-os | * | |
| nvidia | mlnx-os | * | |
| nvidia | onyx | * | |
| nvidia | mlnx-gw | * | |
| nvidia | mlnx-gw | * | |
| nvidia | mga100-hs2 | - | |
| nvidia | nvda-os_xc | * | |
| nvidia | mtq8400-hs2r | - | |
| nvidia | mlnx-os | * | |
| nvidia | tq8100-hs2f | - | |
| nvidia | tq8200-hs2f | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "A4E85C90-C504-4F1C-B147-9246C5F45A52",
"versionEndExcluding": "3.10.4500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*",
"matchCriteriaId": "CF3DBA9B-E254-4720-80DE-BAE1E6C87D39",
"versionEndExcluding": "3.12.1002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "77AA870D-4162-4F51-B792-D1963E57D18F",
"versionEndExcluding": "3.11.2302",
"versionStartIncluding": "3.11.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:onyx:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "ACA84659-5961-46E4-9307-1A6CAA6EF315",
"versionEndExcluding": "3.10.4504",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "6D5BCB2C-535F-444A-BC92-35724A806A7A",
"versionEndExcluding": "8.1.4500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:-:*:*:*",
"matchCriteriaId": "50063E3A-0932-4BF5-8461-6985BD624328",
"versionEndExcluding": "8.2.2300",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:mga100-hs2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06EFCB4A-1688-4C0A-80C8-D1B50BDF5D82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:nvda-os_xc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3503FC22-FDB7-4588-8451-3F601F1C4F88",
"versionEndExcluding": "18.2.2200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:mtq8400-hs2r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A48D107C-6629-4954-BE12-F62F6987D45D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*",
"matchCriteriaId": "CF3DBA9B-E254-4720-80DE-BAE1E6C87D39",
"versionEndExcluding": "3.12.1002",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:tq8100-hs2f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBAE0EE-CEC8-47B6-80A6-7057432CB808",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:tq8200-hs2f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFC8AF7-0173-4C62-BCF0-47D8A14F057B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure."
},
{
"lang": "es",
"value": "NVIDIA Mellanox OS, ONYX, Skyway y MetroX-3 XCC contienen una vulnerabilidad en el soporte web, donde un atacante puede provocar que una ruta CGI atraviese una URI especialmente manipulada. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda conducir a una escalada de privilegios y divulgaci\u00f3n de informaci\u00f3n."
}
],
"id": "CVE-2024-0113",
"lastModified": "2024-12-26T19:21:52.380",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "psirt@nvidia.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-12T13:38:12.693",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5563"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-35"
}
],
"source": "psirt@nvidia.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-0104
Vulnerability from fkie_nvd - Published: 2024-08-08 18:15 - Updated: 2024-12-26 19:44
Severity ?
4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5559 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | onyx | * | |
| nvidia | mlnx-os | * | |
| nvidia | tq8100-hs2f | - | |
| nvidia | tq8200-hs2f | - | |
| nvidia | mlnx-gw | * | |
| nvidia | mga100-hs2 | - | |
| nvidia | nvda-os_xc | * | |
| nvidia | mtq8400-hs2r | - | |
| nvidia | mlnx-os | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:onyx:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "26CF254C-1556-4D77-9423-C4DD973B8CE5",
"versionEndExcluding": "3.10.4402",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D34C04D4-8472-4497-8976-A1336CA1730E",
"versionEndExcluding": "3.11.2002",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:tq8100-hs2f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBAE0EE-CEC8-47B6-80A6-7057432CB808",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:tq8200-hs2f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFC8AF7-0173-4C62-BCF0-47D8A14F057B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:-:*:*:*",
"matchCriteriaId": "353A9872-AFB8-4242-9942-0E7C4383DD7D",
"versionEndExcluding": "8.2.2000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:mga100-hs2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06EFCB4A-1688-4C0A-80C8-D1B50BDF5D82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:nvda-os_xc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3E5FC6-48B3-4911-92EE-258F5FDE40FC",
"versionEndExcluding": "18.2.2000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:mtq8400-hs2r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A48D107C-6629-4954-BE12-F62F6987D45D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8748C387-D070-4E5D-931D-5EEE92E793F4",
"versionEndExcluding": "3.11.2202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges."
},
{
"lang": "es",
"value": "NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 y MetroX-3 XC contienen una vulnerabilidad en el componente LDAP AAA, donde un usuario puede provocar un acceso inadecuado. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n, la manipulaci\u00f3n de datos y la escalada de privilegios."
}
],
"id": "CVE-2024-0104",
"lastModified": "2024-12-26T19:44:22.577",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5,
"source": "psirt@nvidia.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-08T18:15:09.800",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5559"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "psirt@nvidia.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-0101
Vulnerability from fkie_nvd - Published: 2024-08-08 17:15 - Updated: 2024-12-26 19:44
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5559 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | mlnx-os | * | |
| nvidia | tq8100-hs2f | - | |
| nvidia | tq8200-hs2f | - | |
| nvidia | mlnx-gw | * | |
| nvidia | mlnx-gw | * | |
| nvidia | mga100-hs2 | - | |
| nvidia | onyx | * | |
| nvidia | nvda-os_xc | * | |
| nvidia | mtq8400-hs2r | - | |
| nvidia | mlnx-os | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D34C04D4-8472-4497-8976-A1336CA1730E",
"versionEndExcluding": "3.11.2002",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:tq8100-hs2f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBAE0EE-CEC8-47B6-80A6-7057432CB808",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nvidia:tq8200-hs2f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFC8AF7-0173-4C62-BCF0-47D8A14F057B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "495C879B-B556-4FF0-9B1A-5196147E8A81",
"versionEndExcluding": "8.1.4400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:-:*:*:*",
"matchCriteriaId": "353A9872-AFB8-4242-9942-0E7C4383DD7D",
"versionEndExcluding": "8.2.2000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:mga100-hs2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06EFCB4A-1688-4C0A-80C8-D1B50BDF5D82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:onyx:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "26CF254C-1556-4D77-9423-C4DD973B8CE5",
"versionEndExcluding": "3.10.4402",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:nvda-os_xc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3E5FC6-48B3-4911-92EE-258F5FDE40FC",
"versionEndExcluding": "18.2.2000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nvidia:mtq8400-hs2r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A48D107C-6629-4954-BE12-F62F6987D45D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D34C04D4-8472-4497-8976-A1336CA1730E",
"versionEndExcluding": "3.11.2002",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service."
},
{
"lang": "es",
"value": "NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 y MetroX-3 XC contienen una vulnerabilidad en ipfilter, donde definiciones incorrectas de ipfilter podr\u00edan permitir que un atacante cause una falla al atacar el conmutador. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2024-0101",
"lastModified": "2024-12-26T19:44:17.690",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@nvidia.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-08T17:15:17.560",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5559"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "psirt@nvidia.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-0113 (GCVE-0-2024-0113)
Vulnerability from cvelistv5 – Published: 2024-08-09 02:19 – Updated: 2024-08-13 14:15
VLAI?
Summary
NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure.
Severity ?
7.5 (High)
CWE
- CWE-35 - Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| NVIDIA | Mellanox OS |
Affected:
All versions prior to and including 3.11.4000
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:nvidia:mellanox_os_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mellanox_os_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "3.11.4000",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.11.2200",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.10.4400",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:nvidia:skyway_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "skyway_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "8.2.2200",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.1.4400",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:nvidia:metrox-2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metrox-2_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "3.11.4000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:nvidia:metrox-3_xc_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metrox-3_xc_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "18.2.2200",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T14:10:20.123699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T14:15:20.160Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Mellanox OS"
],
"product": "Mellanox OS",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 3.11.4000"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Mellanox OS LTS"
],
"product": "Mellanox OS",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 3.11.2200"
},
{
"status": "affected",
"version": "All versions prior to and including 3.10.4400"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Skyway"
],
"product": "Skyway",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 8.2.2200"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Skyway LTS"
],
"product": "Skyway",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 8.1.4400"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MetroX"
],
"product": "MetroX-3 XC",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 18.2.2200"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MetroX"
],
"product": "MetroX-2",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 3.11.4000"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure.\u003c/span\u003e"
}
],
"value": "NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Escalation of privileges, information disclosure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35: Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T02:19:30.529Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5563"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0113",
"datePublished": "2024-08-09T02:19:30.529Z",
"dateReserved": "2023-12-02T00:42:23.928Z",
"dateUpdated": "2024-08-13T14:15:20.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0104 (GCVE-0-2024-0104)
Vulnerability from cvelistv5 – Published: 2024-08-08 17:15 – Updated: 2024-08-08 17:35
VLAI?
Summary
NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.
Severity ?
4.2 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | Mellanox OS |
Affected:
All versions prior to and including 3.11.2100
|
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T17:35:12.411213Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T17:35:33.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Mellanox OS LTS"
],
"product": "Mellanox OS",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 3.11.2100"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ONYX",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 3.10.4302"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Skyway"
],
"product": "Skyway",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 8.2.2100"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MetroX"
],
"product": "MetroX-3 XC",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 18.2.2100"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MetroX"
],
"product": "MetroX-2",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 3.11.1000"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.\u003c/span\u003e"
}
],
"value": "NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Information disclosure, data tampering, escalation of privileges"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T17:15:19.315Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5559"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0104",
"datePublished": "2024-08-08T17:15:19.315Z",
"dateReserved": "2023-12-02T00:42:14.023Z",
"dateUpdated": "2024-08-08T17:35:33.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0101 (GCVE-0-2024-0101)
Vulnerability from cvelistv5 – Published: 2024-08-08 17:11 – Updated: 2024-08-08 18:12
VLAI?
Summary
NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service.
Severity ?
7.5 (High)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| NVIDIA | Mellanox OS |
Affected:
All versions prior to and including 3.11.1000
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:nvidia:mellanox_os_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mellanox_os_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "3.11.1000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:nvidia:onyx_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "onyx_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "3.10.4300",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:nvidia:skyway_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "skyway_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "8.2.1000",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.1.4300",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:nvidia:metro-3_xc_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metro-3_xc_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "18.2.1000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:nvidia:metrox-2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metrox-2_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "3.11.1000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0101",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T17:36:03.573818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T18:12:46.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mellanox OS",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 3.11.1000"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ONYX",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 3.10.4300"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Skyway",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 8.2.1000"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Skyway LTS"
],
"product": "Skyway",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 8.1.4300"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MetroX"
],
"product": "MetroX-3 XC",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 18.2.1000"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MetroX"
],
"product": "MetroX-2",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 3.11.1000"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service.\u003c/span\u003e"
}
],
"value": "NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T17:11:07.194Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5559"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0101",
"datePublished": "2024-08-08T17:11:07.194Z",
"dateReserved": "2023-12-02T00:42:10.578Z",
"dateUpdated": "2024-08-08T18:12:46.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0113 (GCVE-0-2024-0113)
Vulnerability from nvd – Published: 2024-08-09 02:19 – Updated: 2024-08-13 14:15
VLAI?
Summary
NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure.
Severity ?
7.5 (High)
CWE
- CWE-35 - Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| NVIDIA | Mellanox OS |
Affected:
All versions prior to and including 3.11.4000
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:nvidia:mellanox_os_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mellanox_os_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "3.11.4000",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.11.2200",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.10.4400",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:nvidia:skyway_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "skyway_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "8.2.2200",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.1.4400",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:nvidia:metrox-2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metrox-2_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "3.11.4000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:nvidia:metrox-3_xc_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metrox-3_xc_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "18.2.2200",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T14:10:20.123699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T14:15:20.160Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Mellanox OS"
],
"product": "Mellanox OS",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 3.11.4000"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Mellanox OS LTS"
],
"product": "Mellanox OS",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 3.11.2200"
},
{
"status": "affected",
"version": "All versions prior to and including 3.10.4400"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Skyway"
],
"product": "Skyway",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 8.2.2200"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Skyway LTS"
],
"product": "Skyway",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 8.1.4400"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MetroX"
],
"product": "MetroX-3 XC",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 18.2.2200"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MetroX"
],
"product": "MetroX-2",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 3.11.4000"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure.\u003c/span\u003e"
}
],
"value": "NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Escalation of privileges, information disclosure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35: Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T02:19:30.529Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5563"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0113",
"datePublished": "2024-08-09T02:19:30.529Z",
"dateReserved": "2023-12-02T00:42:23.928Z",
"dateUpdated": "2024-08-13T14:15:20.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0104 (GCVE-0-2024-0104)
Vulnerability from nvd – Published: 2024-08-08 17:15 – Updated: 2024-08-08 17:35
VLAI?
Summary
NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.
Severity ?
4.2 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | Mellanox OS |
Affected:
All versions prior to and including 3.11.2100
|
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T17:35:12.411213Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T17:35:33.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Mellanox OS LTS"
],
"product": "Mellanox OS",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 3.11.2100"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ONYX",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 3.10.4302"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Skyway"
],
"product": "Skyway",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 8.2.2100"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MetroX"
],
"product": "MetroX-3 XC",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 18.2.2100"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MetroX"
],
"product": "MetroX-2",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 3.11.1000"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.\u003c/span\u003e"
}
],
"value": "NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Information disclosure, data tampering, escalation of privileges"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T17:15:19.315Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5559"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0104",
"datePublished": "2024-08-08T17:15:19.315Z",
"dateReserved": "2023-12-02T00:42:14.023Z",
"dateUpdated": "2024-08-08T17:35:33.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0101 (GCVE-0-2024-0101)
Vulnerability from nvd – Published: 2024-08-08 17:11 – Updated: 2024-08-08 18:12
VLAI?
Summary
NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service.
Severity ?
7.5 (High)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| NVIDIA | Mellanox OS |
Affected:
All versions prior to and including 3.11.1000
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:nvidia:mellanox_os_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mellanox_os_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "3.11.1000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:nvidia:onyx_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "onyx_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "3.10.4300",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:nvidia:skyway_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "skyway_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "8.2.1000",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.1.4300",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:nvidia:metro-3_xc_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metro-3_xc_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "18.2.1000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:nvidia:metrox-2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metrox-2_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "3.11.1000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0101",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T17:36:03.573818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T18:12:46.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mellanox OS",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 3.11.1000"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ONYX",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 3.10.4300"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Skyway",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 8.2.1000"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Skyway LTS"
],
"product": "Skyway",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 8.1.4300"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MetroX"
],
"product": "MetroX-3 XC",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 18.2.1000"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MetroX"
],
"product": "MetroX-2",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 3.11.1000"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service.\u003c/span\u003e"
}
],
"value": "NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T17:11:07.194Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5559"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0101",
"datePublished": "2024-08-08T17:11:07.194Z",
"dateReserved": "2023-12-02T00:42:10.578Z",
"dateUpdated": "2024-08-08T18:12:46.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}