NVIDIA has issued a critical security update for a major vulnerability in its Unified Fabric Manager (UFM) products.
Identified as CVE-2024-0130, the flaw has a high CVSS v3.1 score of 8.8 and could allow attackers to escalate privileges, alter data, or disrupt system availability.
NVIDIA UFM Vulnerability – CVE-2024-0130
The vulnerability affects several NVIDIA UFM products, including UFM Enterprise, UFM Appliance, and UFM CyberAI.
It is caused by improper authentication (CWE-287) when handling malformed requests through the Ethernet management interface.
Exploiting the flaw requires neither prior authentication nor user interaction, which makes it highly exploitable.
If exploited, this vulnerability could result in:
- Privilege Escalation – Unauthorized access to higher privilege levels.
- Data Tampering – Attackers altering sensitive information.
- Denial of Service (DoS) – Disrupting system functionality.
- Information Disclosure – Exposing confidential data.
NVIDIA advises users to assess the risk based on their system configurations, as exploitability depends on how the Ethernet management interface is set up.
Affected Products and Security Updates
NVIDIA has released security patches for affected products across multiple operating systems. Users are urged to apply these updates promptly.
Product | Affected Versions | Updated Version |
---|---|---|
UFM Enterprise GA | 6.15.x, 6.16.x, 6.17.x | 6.18.0-5 |
UFM Appliance GA | 1.6.x, 1.7.x, 1.8.x | 1.9.1-2 |
UFM CyberAI GA | 2.6.x, 2.7.x, 2.8.x | 2.9.1-2 |
UFM SDN Appliance GA | 4.14.x, 4.15.x, 4.16.x | 4.17.0.5 |
The vulnerability mainly affects Ethernet management interfaces, which are often isolated from public networks, reducing exposure. Additionally, LTS22 versions of UFM products are not impacted.