CVE-2024-0113

Summary

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure.

Affected Software

VendorProductVersion RangeStatus
NVIDIAMellanox OSAll versions prior to and including 3.11.4000affected
NVIDIAMellanox OSAll versions prior to and including 3.11.2200affected
NVIDIAMellanox OSAll versions prior to and including 3.10.4400affected
NVIDIASkywayAll versions prior to and including 8.2.2200affected
NVIDIASkywayAll versions prior to and including 8.1.4400affected
NVIDIAMetroX-3 XCAll versions prior to and including 18.2.2200affected
NVIDIAMetroX-2All versions prior to and including 3.11.4000affected

Weaknesses

  • CWE-35: CWE-35: Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References