CVE-2024-0095 - OpenCVE

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5546

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: nvidia

Published: 2024-06-13T21:16:51.975Z

Updated: 2024-06-14T22:28:33.379Z

Reserved: 2023-12-02T00:42:04.809Z

Link: CVE-2024-0095

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-06-13T22:15:13.347

Modified: 2024-06-17T12:43:31.090

Link: CVE-2024-0095

JSON object: View

Redhat Information

No data.

CWE

CWE-117

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0095", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2023-12-02T00:42:04.809Z", "datePublished": "2024-06-13T21:16:51.975Z", "dateUpdated": "2024-06-14T22:28:33.379Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NVIDIA Triton Inference Server", "vendor": "nvidia", "versions": [{"status": "affected", "version": "20.10 to 24.04"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": true, "type": "text/html", "value": "NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."}], "value": "NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Data tampering"}]}], "metrics": [{"cvssV3_1": {"baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-117", "description": "CWE-117", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2024-06-13T21:16:51.975Z"}, "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5546"}], "source": {"discovery": "UNKNOWN"}, "title": "CVE"}, "adp": [{"affected": [{"vendor": "nvidia", "product": "triton_inference_server", "cpes": ["cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*"], "defaultStatus": "affected", "versions": [{"version": "20.10", "status": "affected", "lessThanOrEqual": "24.04", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-14T22:27:23.859191Z", "id": "CVE-2024-0095", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-14T22:28:33.379Z"}}]}}