CVE-2024-0104

Summary

NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.

Affected Software

VendorProductVersion RangeStatus
NVIDIAMellanox OSAll versions prior to and including 3.11.2100affected
NVIDIAONYXAll versions prior to and including 3.10.4302affected
NVIDIASkywayAll versions prior to and including 8.2.2100affected
NVIDIAMetroX-3 XCAll versions prior to and including 18.2.2100affected
NVIDIAMetroX-2All versions prior to and including 3.11.1000affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References