CVE-2024-0101
Vulnerability from cvelistv5
Published
2024-08-08 17:11
Modified
2024-08-08 18:12
Severity ?
EPSS score ?
Summary
NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5559 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | NVIDIA | Mellanox OS |
Version: All versions prior to and including 3.11.1000 |
||||||||||||||||||||
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:nvidia:mellanox_os_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mellanox_os_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "3.11.1000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:nvidia:onyx_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "onyx_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "3.10.4300",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:nvidia:skyway_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "skyway_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "8.2.1000",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.1.4300",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:nvidia:metro-3_xc_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metro-3_xc_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "18.2.1000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:nvidia:metrox-2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metrox-2_firmware",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "3.11.1000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0101",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T17:36:03.573818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T18:12:46.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mellanox OS",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 3.11.1000"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ONYX",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 3.10.4300"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Skyway",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 8.2.1000"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Skyway LTS"
],
"product": "Skyway",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 8.1.4300"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MetroX"
],
"product": "MetroX-3 XC",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 18.2.1000"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MetroX"
],
"product": "MetroX-2",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 3.11.1000"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service.\u003c/span\u003e"
}
],
"value": "NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T17:11:07.194Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5559"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0101",
"datePublished": "2024-08-08T17:11:07.194Z",
"dateReserved": "2023-12-02T00:42:10.578Z",
"dateUpdated": "2024-08-08T18:12:46.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*\", \"versionEndExcluding\": \"3.11.2002\", \"matchCriteriaId\": \"D34C04D4-8472-4497-8976-A1336CA1730E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nvidia:tq8100-hs2f:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FBAE0EE-CEC8-47B6-80A6-7057432CB808\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nvidia:tq8200-hs2f:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CFC8AF7-0173-4C62-BCF0-47D8A14F057B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:lts:*:*:*\", \"versionEndExcluding\": \"8.1.4400\", \"matchCriteriaId\": \"495C879B-B556-4FF0-9B1A-5196147E8A81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:-:*:*:*\", \"versionEndExcluding\": \"8.2.2000\", \"matchCriteriaId\": \"353A9872-AFB8-4242-9942-0E7C4383DD7D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nvidia:mga100-hs2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06EFCB4A-1688-4C0A-80C8-D1B50BDF5D82\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:nvidia:onyx:*:*:*:*:lts:*:*:*\", \"versionEndExcluding\": \"3.10.4402\", \"matchCriteriaId\": \"26CF254C-1556-4D77-9423-C4DD973B8CE5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:nvidia:nvda-os_xc:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"18.2.2000\", \"matchCriteriaId\": \"BD3E5FC6-48B3-4911-92EE-258F5FDE40FC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nvidia:mtq8400-hs2r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A48D107C-6629-4954-BE12-F62F6987D45D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*\", \"versionEndExcluding\": \"3.11.2002\", \"matchCriteriaId\": \"D34C04D4-8472-4497-8976-A1336CA1730E\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service.\"}, {\"lang\": \"es\", \"value\": \"NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 y MetroX-3 XC contienen una vulnerabilidad en ipfilter, donde definiciones incorrectas de ipfilter podr\\u00edan permitir que un atacante cause una falla al atacar el conmutador. Una explotaci\\u00f3n exitosa de esta vulnerabilidad podr\\u00eda provocar una denegaci\\u00f3n de servicio.\"}]",
"id": "CVE-2024-0101",
"lastModified": "2024-12-26T19:44:17.690",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@nvidia.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2024-08-08T17:15:17.560",
"references": "[{\"url\": \"https://nvidia.custhelp.com/app/answers/detail/a_id/5559\", \"source\": \"psirt@nvidia.com\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"psirt@nvidia.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-693\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-0101\",\"sourceIdentifier\":\"psirt@nvidia.com\",\"published\":\"2024-08-08T17:15:17.560\",\"lastModified\":\"2024-12-26T19:44:17.690\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service.\"},{\"lang\":\"es\",\"value\":\"NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 y MetroX-3 XC contienen una vulnerabilidad en ipfilter, donde definiciones incorrectas de ipfilter podr\u00edan permitir que un atacante cause una falla al atacar el conmutador. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar una denegaci\u00f3n de servicio.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@nvidia.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@nvidia.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-693\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"3.11.2002\",\"matchCriteriaId\":\"D34C04D4-8472-4497-8976-A1336CA1730E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:tq8100-hs2f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FBAE0EE-CEC8-47B6-80A6-7057432CB808\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:tq8200-hs2f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CFC8AF7-0173-4C62-BCF0-47D8A14F057B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:lts:*:*:*\",\"versionEndExcluding\":\"8.1.4400\",\"matchCriteriaId\":\"495C879B-B556-4FF0-9B1A-5196147E8A81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"8.2.2000\",\"matchCriteriaId\":\"353A9872-AFB8-4242-9942-0E7C4383DD7D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:mga100-hs2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06EFCB4A-1688-4C0A-80C8-D1B50BDF5D82\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:nvidia:onyx:*:*:*:*:lts:*:*:*\",\"versionEndExcluding\":\"3.10.4402\",\"matchCriteriaId\":\"26CF254C-1556-4D77-9423-C4DD973B8CE5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:nvidia:nvda-os_xc:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.2.2000\",\"matchCriteriaId\":\"BD3E5FC6-48B3-4911-92EE-258F5FDE40FC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:mtq8400-hs2r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A48D107C-6629-4954-BE12-F62F6987D45D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"3.11.2002\",\"matchCriteriaId\":\"D34C04D4-8472-4497-8976-A1336CA1730E\"}]}]}],\"references\":[{\"url\":\"https://nvidia.custhelp.com/app/answers/detail/a_id/5559\",\"source\":\"psirt@nvidia.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.