NVIDIA Mellanox OS CGI Path Traversal Escalation Risk
CVE-2024-0113 Published on August 12, 2024

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure.

NVD

Vulnerability Analysis

CVE-2024-0113 can be exploited with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

Path Traversal: '.../...//'

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.


Products Associated with CVE-2024-0113

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-0113 are published in these products:

NVIDIA Mellanox Os
 
NVIDIA Onyx
 
NVIDIA Skyway
 
NVIDIA Metrox 3 Xc
 
NVIDIA Metrox 2
 
NVIDIA Mlnx Os
 

Affected Versions

NVIDIA Mellanox OS: NVIDIA Mellanox OS: NVIDIA Skyway: NVIDIA Skyway: NVIDIA MetroX-3 XC: NVIDIA MetroX-2: nvidia mellanox_os_firmware: nvidia skyway_firmware: nvidia metrox-2_firmware: nvidia metrox-3_xc_firmware:

Exploit Probability

EPSS
0.27%
Percentile
49.84%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.