CVE-2024-0087

NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. If this file exists, logs are appended to the file. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS v3 9.0 CRITICAL

9.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5535
https://nvidia.custhelp.com/app/answers/detail/a_id/5535

Configurations

No configuration.

History

21 Nov 2024, 08:45

Type	Values Removed	Values Added
References	~~() https://nvidia.custhelp.com/app/answers/detail/a_id/5535 -~~	() https://nvidia.custhelp.com/app/answers/detail/a_id/5535 -

14 May 2024, 16:13

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 14:39

Updated : 2024-11-21 08:45

NVD link : CVE-2024-0087

Mitre link : CVE-2024-0087

CVE.ORG link : CVE-2024-0087

JSON object : View

Products Affected

No product.

CWE

CWE-73

External Control of File Name or Path

9.0 /10