Lucene search

NvidiaVULNRICHMENT:CVE-2024-0095

HistoryJun 13, 2024 - 9:16 p.m.

CVE-2024-0095 CVE

2024-06-1321:16:51

CWE-117

nvidia

github.com

nvidia

triton inference server

vulnerability

forged logs

arbitrary commands

code execution

denial of service

escalation of privileges

information disclosure

data tampering

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*"
    ],
    "vendor": "nvidia",
    "product": "triton_inference_server",
    "versions": [
      {
        "status": "affected",
        "version": "20.10",
        "versionType": "custom",
        "lessThanOrEqual": "24.04"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5546

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-0095