CVE-2023-31036

7.5 HIGH

📋 TL;DR

NVIDIA Triton Inference Server has a path traversal vulnerability when launched with the --model-control explicit option. Attackers can exploit this via the model load API to access files outside intended directories, potentially leading to code execution or data compromise. This affects administrators who use the non-default explicit model control configuration.

💻 Affected Systems

Products:
  • NVIDIA Triton Inference Server
Versions: All versions prior to 23.09
Operating Systems: Linux, Windows
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when launched with --model-control explicit option. Default configuration is not affected.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise including remote code execution, privilege escalation to root/admin, complete data exfiltration, and persistent backdoor installation.

🟠

Likely Case

Information disclosure of sensitive files, denial of service by corrupting critical files, or limited code execution within the Triton service context.

🟢

If Mitigated

No impact if the vulnerable configuration is not used or proper access controls restrict the Triton service account.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the model load API endpoint. No public exploit code has been observed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 23.09 and later

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5509

Restart Required: Yes

Instructions:

1. Download Triton Inference Server version 23.09 or later from NVIDIA NGC.
2. Stop the current Triton service.
3. Install the updated version.
4. Restart the Triton service with your configuration.

🔧 Temporary Workarounds

Avoid explicit model control

all

Do not use the --model-control explicit option. Use default or other model control modes.

Remove '--model-control explicit' from Triton startup command

Restrict Triton service account

linux

Run Triton with minimal privileges and restrict filesystem access.

chmod 750 /path/to/triton/models
setfacl -m u:triton:rx /path/to/triton

🧯 If You Can't Patch

  • Disable the model load API endpoint or restrict access to trusted IPs only
  • Implement strict filesystem permissions and run Triton with a non-privileged service account

🔍 How to Verify

Check if Vulnerable:

Check whether Triton is running with the --model-control explicit option and whether its version is below 23.09

Check Version:

tritonserver --version

Verify Fix Applied:

Confirm Triton version is 23.09 or higher and verify the path traversal is blocked in testing

📡 Detection & Monitoring

Log Indicators:

  • Unusual model load requests with path traversal patterns (../)
  • Failed model load attempts with suspicious paths
  • Access to files outside model repository

Network Indicators:

  • HTTP POST requests to /v2/repository/models/{model}/load with path traversal payloads

SIEM Query:

source="triton" AND ("model-control explicit" OR "../" IN request_path)
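
The log and network indicators above, expressed as detection logic over access-log lines. This is an added example, not code from NVIDIA or from this advisory. The log line format, the constructed sample lines and the function names are assumptions, and it inspects only the request path, as the SIEM query above does.

```python
import re
from urllib.parse import unquote

# Model load endpoint named on this page; the {model} part is captured.
LOAD_RE = re.compile(r"^/v2/repository/models/(?P<model>.+)/load$")
# Assumed access-log format: <client> "<METHOD> <path> HTTP/x" <status>
LINE_RE = re.compile(r'(\S+) "(\S+) (\S+) [^"]*" (\d{3})')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any path segment is exactly '..' after decoding (either slash style)."""
    return ".." in re.split(r"[/\\]", decode_fully(value))

def suspicious_load_requests(lines):
    """Return (client, raw_path) for POSTs to the load endpoint whose model name traverses."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, method, path, _status = m.groups()
        load = LOAD_RE.match(path.split("?", 1)[0])  # ignore any query string
        if method == "POST" and load and has_traversal(load.group("model")):
            hits.append((client, path))
    return hits

# Constructed sample lines (not real Triton output).
SAMPLE_LOG = [
    '10.0.0.5 "POST /v2/repository/models/resnet50/load HTTP/1.1" 200',
    '10.0.0.9 "POST /v2/repository/models/../../tmp/x/load HTTP/1.1" 400',
    '10.0.0.9 "POST /v2/repository/models/%2e%2e%2ftmp%2fx/load HTTP/1.1" 400',
    '10.0.0.9 "POST /v2/repository/models/%252e%252e%255ctmp/load HTTP/1.1" 400',
    '10.0.0.7 "GET /v2/repository/models/../x/load HTTP/1.1" 405',
    '10.0.0.5 "POST /v2/repository/models/my..model/load HTTP/1.1" 200',
]

if __name__ == "__main__":
    for client, path in suspicious_load_requests(SAMPLE_LOG):
        print(f"ALERT client={client} path={path}")
```

Unlike a literal "../" substring match, this decodes the model name before checking it, so percent-encoded and backslash forms are flagged while a model legitimately named `my..model` is not.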
