CVE-2024-0130

Summary

NVIDIA UFM Enterprise, UFM Appliance, and UFM CyberAI contain a vulnerability where an attacker can cause an improper authentication issue by sending a malformed request through the Ethernet management interface. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, and information disclosure.

Affected Software

VendorProductVersion RangeStatus
NVIDIAUFM Enterprise GA6.15.x, 6.16.x, 6.17.xaffected
NVIDIAUFM Enterprise LTS236.15.x LTS prior to 6.15.6-4 LTSaffected
NVIDIAUFM Enterprise Appliance GA1.6.x, 1.7.x, 1.8.xaffected
NVIDIAUFM Enterprise Appliance LTS231.6.x LTS prior to 1.6.6-1 LTSaffected
NVIDIAUFM SDN Appliance GA4.14.x, 4.15.x, 4.16.xaffected
NVIDIAUFM SDN Appliance LTS234.14.x LTS prior to 4.14.6.4 LTSaffected
NVIDIAUFM CyberAI GA2.6.x, 2.7.x, 2.8.xaffected
NVIDIAUFM CyberAI LTS232.6.1-3 LTSaffected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References