NVIDIA UFM Enterprise Vulnerability Could Lead to Escalation of Privileges and Data Tampering
CVE-2024-0130

8.8HIGH

Key Information:

Vendor: Nvidia
Status: Ufm Enterprise Ga; Ufm Enterprise Lts23; Ufm Enterprise Appliance Ga; Ufm Enterprise Appliance Lts23
Vendor: CVE Published:; 6 December 2024

Badges

📰 News Worthy

What is CVE-2024-0130?

A vulnerability exists in NVIDIA's UFM Enterprise, UFM Appliance, and UFM CyberAI products that allows an attacker to exploit improper authentication. This issue arises when a malformed request is sent through the Ethernet management interface, potentially resulting in various security threats, including privilege escalation, data tampering, denial of service, and unauthorized information disclosure.

Affected Version(s)

UFM CyberAI GA 2.6.x, 2.7.x, 2.8.x

UFM CyberAI LTS23 2.6.1-3 LTS

UFM Enterprise Appliance GA 1.6.x, 1.7.x, 1.8.x

News Articles

TheCyberThrone

CVE-2024-0130

Nvidia fixed CVE-2024-0130 in UFM Enterprise

NVIDIA has patched a high-severity vulnerability affecting its UFM Enterprise, UFM Appliance, and UFM CyberAI products. could allow an attacker to gain escalated privileges, tamper with data, deny service, and disclose sensitive information. The vulnerability, identified as CVE-2024-0130 with a CVSS...

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5584

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 6, 2024
📰
First article discovered by TheCyberThrone
Nov 28, 2024