Triton Inference Server Vulnerability Allows for Log Injection and Code Execution

CVE-2024-0095

4.3MEDIUM

Key Information

Vendor: Nvidia
Status: Nvidia Triton Inference Server
Vendor: CVE Published:; 13 June 2024

Summary

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Affected Version(s)

NVIDIA Triton Inference Server = 20.10 to 24.04

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Jun 13, 2024
Vulnerability Reserved.
Dec 2, 2023

Collectors

NVD DatabaseMitre Database