Triton Inference Server Vulnerability Allows for Log Injection and Code Execution
CVE-2024-0095

4.3MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvidia Triton Inference Server
Vendor: CVE Published:; 13 June 2024

Summary

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Affected Version(s)

NVIDIA Triton Inference Server 20.10 to 24.04

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5546

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 13, 2024
Vulnerability Reserved
Dec 2, 2023