CVE-2024-0113
📋 TL;DR
This vulnerability allows attackers to perform path traversal attacks via specially crafted URIs in NVIDIA networking products' web interfaces. Successful exploitation could lead to privilege escalation and information disclosure. Affected products include NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC systems.
💻 Affected Systems
- NVIDIA Mellanox OS
- NVIDIA ONYX
- NVIDIA Skyway
- NVIDIA MetroX-3 XCC
📦 What is this software?
Mlnx Gw by Nvidia
Mlnx Gw by Nvidia
Mlnx Os by Nvidia
Mlnx Os by Nvidia
Mlnx Os by Nvidia
Mlnx Os by Nvidia
Onyx by Nvidia
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with administrative privileges, complete information disclosure, and potential lateral movement to connected systems.
Likely Case
Unauthorized access to sensitive configuration files, credential harvesting, and limited privilege escalation within the affected networking device.
If Mitigated
Limited impact with proper network segmentation, web interface disabled, and strict access controls in place.
🎯 Exploit Status
Path traversal vulnerabilities typically have low exploitation complexity once the vulnerability is understood.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check NVIDIA advisory for specific fixed versions per product
Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5563
Restart Required: Yes
Instructions:
1. Review NVIDIA advisory for affected versions. 2. Download appropriate firmware updates from NVIDIA support portal. 3. Apply updates following vendor documentation. 4. Reboot affected devices.
🔧 Temporary Workarounds
Disable Web Interface
allDisable the vulnerable web support component to prevent exploitation
# Consult product-specific documentation for disabling web interface commands
Network Segmentation
linuxRestrict access to management interfaces using firewall rules
# Example: iptables -A INPUT -p tcp --dport 80,443 -s trusted_networks -j ACCEPT
# iptables -A INPUT -p tcp --dport 80,443 -j DROP
🧯 If You Can't Patch
- Implement strict network access controls to limit access to management interfaces
- Monitor for suspicious web requests and path traversal attempts in logs
🔍 How to Verify
Check if Vulnerable:
Check current firmware version against NVIDIA advisory; systems with web interface enabled are potentially vulnerableCheck Version:
# Product-specific commands vary; typically 'show version' or similar in CLIVerify Fix Applied:
Verify firmware version matches or exceeds patched versions listed in NVIDIA advisory📡 Detection & Monitoring
Log Indicators:
- Unusual URI patterns containing '../' sequences
- Failed authentication attempts followed by path traversal patterns
- Access to sensitive configuration files via web interface
Network Indicators:
- HTTP requests with encoded path traversal sequences
- Multiple failed requests to web interface from single source
SIEM Query:
web.url CONTAINS "..%2F" OR web.url CONTAINS "%2E%2E%2F" OR web.url CONTAINS "/../"