Nvidia Product Security Update Advisory (CVE-2024-0130)
Overview
An update has been released to address vulnerabilities in Nvidia Products. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-0130
- UFM Enterprise GA versions: 6.15.x, 6.16.x, 6.17.x
- UFM Enterprise LTS23 versions: 6.15.x LTS prior to 6.15.6-4 LTS
- UFM Enterprise Appliance GA versions: 1.6.x, 1.7.x, 1.8.x
- UFM Enterprise Appliance LTS23 versions: 1.6.x LTS prior to 1.6.6-1 LTS
- UFM SDN Appliance GA versions: 4.14.x, 4.15.x, 4.16.x
- UFM SDN Appliance LTS23 versions: 4.14.x LTS prior to 4.14.6.4 LTS
- UFM CyberAI GA versions: 2.6.x, 2.7.x, 2.8.x
- UFM CyberAI LTS23 version: 2.6.1-3 LTS
Resolved Vulnerabilities
Vulnerability in the NVIDIA UFM Family Ethernet Management Interface where malformed requests could cause authentication to be handled improperly, resulting in privilege escalation, data corruption, denial of service, and information leakage (CVE-2024-0130)
Vulnerability Patches
Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
CVE-2024-0130
- UFM Enterprise GA version: 6.18.0-5
- UFM Enterprise LTS23 version: 6.15.6-4 LTS
- UFM Enterprise Appliance GA version: 1.9.1-2
- UFM Enterprise Appliance LTS23 version: 1.6.6-1 LTS
- UFM SDN Appliance GA version: 4.17.0.5
- UFM SDN Appliance LTS23 version: 4.14.6.4 LTS
- UFM CyberAI GA version: 2.9.1-2
- UFM CyberAI LTS23 version: 2.6.1-4 LTS
Referenced Sites
[1] CVE-2024-0130 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-0130
[2] Security Bulletin: NVIDIA UFM Enterprise, UFM Appliance, UFM CyberAI – November 2024