NVIDIA Mellanox OS Vulnerability Could Lead to Denial of Service
CVE-2024-0101

7.5HIGH

Key Information:

Vendor: Nvidia
Status: Mellanox Os; Onyx; Skyway; Metrox-3 Xc
Vendor: CVE Published:; 8 August 2024

Summary

The vulnerability in NVIDIA Mellanox OS and its related products stems from improper definitions in the ipfilter configuration. This flaw can be exploited by an attacker to disrupt the normal operation of the affected switches, potentially leading to a denial of service scenario. Effective ipfilter management is essential to mitigate risks associated with this vulnerability, ensuring the stability and reliability of network operations.

Affected Version(s)

Mellanox OS All versions prior to and including 3.11.1000

MetroX-2 MetroX All versions prior to and including 3.11.1000

MetroX-3 XC MetroX All versions prior to and including 18.2.1000

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5559

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2024
Vulnerability Reserved
Dec 2, 2023