Mellanox OS Vulnerability Could Lead to Escalation of Privileges and Information Disclosure
CVE-2024-0113

8.8 HIGH

Key Information:

Vendor: Nvidia
CVE Published: 12 August 2024

Summary

A vulnerability exists in the web support of NVIDIA Mellanox OS and related products that allows an attacker to perform a CGI path traversal through a specially crafted URI. Successful exploitation could lead to escalation of privileges and information disclosure. Organizations using these products should be aware of this vulnerability so they can mitigate the risk of unauthorized access.

Affected Version(s)

Mellanox OS: All versions prior to and including 3.11.4000

Mellanox OS LTS: All versions prior to and including 3.11.2200

Mellanox OS LTS: All versions prior to and including 3.10.4400

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
