CVE-2024-0101

NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5559	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*

OR	cpe:2.3:h:nvidia:tq8100-hs2f:-:::::::*
	cpe:2.3:h:nvidia:tq8200-hs2f:-:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:nvidia:mlnx-gw:::::lts:::*
	cpe:2.3:o:nvidia:mlnx-gw:::::-:::*

cpe:2.3:h:nvidia:mga100-hs2:-:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:nvidia:onyx:*:*:*:*:lts:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:nvidia:nvda-os_xc:*:*:*:*:*:*:*:*

cpe:2.3:h:nvidia:mtq8400-hs2r:-:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*

History

No history.

Information

Published : 2024-08-08 17:15

Updated : 2024-12-26 19:44

NVD link : CVE-2024-0101

Mitre link : CVE-2024-0101

CVE.ORG link : CVE-2024-0101

JSON object : View

Products Affected

nvidia

onyx
mlnx-gw
nvda-os_xc
mga100-hs2
tq8200-hs2f
tq8100-hs2f
mlnx-os
mtq8400-hs2r

CWE

CWE-693

Protection Mechanism Failure

NVD-CWE-Other

{"id": "CVE-2024-0101", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-08-08T17:15:17.560", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5559", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-693"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service."}, {"lang": "es", "value": "NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 y MetroX-3 XC contienen una vulnerabilidad en ipfilter, donde definiciones incorrectas de ipfilter podr\u00edan permitir que un atacante cause una falla al atacar el conmutador. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar una denegaci\u00f3n de servicio."}], "lastModified": "2024-12-26T19:44:17.690", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "D34C04D4-8472-4497-8976-A1336CA1730E", "versionEndExcluding": "3.11.2002"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nvidia:tq8100-hs2f:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6FBAE0EE-CEC8-47B6-80A6-7057432CB808"}, {"criteria": "cpe:2.3:h:nvidia:tq8200-hs2f:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CFC8AF7-0173-4C62-BCF0-47D8A14F057B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "495C879B-B556-4FF0-9B1A-5196147E8A81", "versionEndExcluding": "8.1.4400"}, {"criteria": "cpe:2.3:o:nvidia:mlnx-gw:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "353A9872-AFB8-4242-9942-0E7C4383DD7D", "versionEndExcluding": "8.2.2000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nvidia:mga100-hs2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "06EFCB4A-1688-4C0A-80C8-D1B50BDF5D82"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:onyx:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "26CF254C-1556-4D77-9423-C4DD973B8CE5", "versionEndExcluding": "3.10.4402"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:nvda-os_xc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD3E5FC6-48B3-4911-92EE-258F5FDE40FC", "versionEndExcluding": "18.2.2000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nvidia:mtq8400-hs2r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A48D107C-6629-4954-BE12-F62F6987D45D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:mlnx-os:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "D34C04D4-8472-4497-8976-A1336CA1730E", "versionEndExcluding": "3.11.2002"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}