CVE-2024-0113

HIGH

Nvidia Mlnx-os < 3.10.4500 - Path Traversal

Title source: rule

Description

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure.

References (1)

[Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/5563

Scores

CVSS v3 7.5

EPSS 0.0030

EPSS Percentile 53.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-22 CWE-35

Status published

Products (6)

nvidia/mlnx-gw < 8.1.4500

nvidia/mlnx-gw < 8.2.2300

nvidia/mlnx-os < 3.10.4500

nvidia/mlnx-os < 3.12.1002

nvidia/nvda-os_xc < 18.2.2200

nvidia/onyx < 3.10.4504

Published Aug 12, 2024

Tracked Since Feb 18, 2026