Lucene search

NvidiaCVELIST:CVE-2023-31036

HistoryJan 12, 2024 - 5:11 p.m.

CVE-2023-31036 CVE

2024-01-1217:11:38

CWE-23

nvidia

www.cve.org

cve-2023-31036

nvidia triton inference server

path traversal

code execution

denial of service

escalation of privileges

information disclosure

data tampering

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

23.6%

JSON

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Triton Inference Server",
    "vendor": "nvidia",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to 2.40"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5509

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

23.6%

JSON

Related for CVELIST:CVE-2023-31036