CVE-2024-0104

Published Aug 8, 2024

Last updated 2 months ago

CVSS medium 4.2

Overview

Description: NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.
Source: psirt@nvidia.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

psirt@nvidia.com: CWE-284
nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nvidia:onyx:*:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26CF254C-1556-4D77-9423-C4DD973B8CE5",
            "versionEndExcluding": "3.10.4402"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D34C04D4-8472-4497-8976-A1336CA1730E",
            "versionEndExcluding": "3.11.2002"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nvidia:tq8100-hs2f:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6FBAE0EE-CEC8-47B6-80A6-7057432CB808"
          },
          {
            "criteria": "cpe:2.3:h:nvidia:tq8200-hs2f:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2CFC8AF7-0173-4C62-BCF0-47D8A14F057B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "353A9872-AFB8-4242-9942-0E7C4383DD7D",
            "versionEndExcluding": "8.2.2000"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nvidia:mga100-hs2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "06EFCB4A-1688-4C0A-80C8-D1B50BDF5D82"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nvidia:nvda-os_xc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD3E5FC6-48B3-4911-92EE-258F5FDE40FC",
            "versionEndExcluding": "18.2.2000"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nvidia:mtq8400-hs2r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A48D107C-6629-4954-BE12-F62F6987D45D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8748C387-D070-4E5D-931D-5EEE92E793F4",
            "versionEndExcluding": "3.11.2202"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References