en_US English
en_US English ro_RO Romanian

🇧🇬 Bulgarian

Register new company

Complete the notification form to register your company as an essential or important entity, in accordance with Government Emergency Ordinance No. 155/2024.
The process is simple, secure, and necessary for compliance in the field of cybersecurity. 

Register

Aplicația CORB

The CORB application is a platform dedicated to real-time information exchange between important entities in the food sector and the national competent authority (DNSC) in the context of implementing the NIS2 Directive.

It facilitates the monitoring of NIS2 compliance and the coordination of response efforts between the food industry and authorities.

It helps strengthen the cyber resilience of the food supply chain through efficient and transparent communication.

The application directly supports the objectives of the INFORB project by providing a secure digital infrastructure for cooperation and compliance.

Access

Useful Links

The NVIDIA UFM vulnerability allowed attackers to escalate their privileges.

A high-severity vulnerability was recently disclosed by NVIDIA on November 26, 2024, affecting UFM Enterprise, UFM Appliance, and UFM CyberAI products.

The flaw, identified as CVE-2024-0130, could allow attackers to escalate their privileges, to modify data, cause a denial of service (DoS), and access sensitive information.

The security issue, which received a CVSS v3.1 base score of 8.8, originates from an improperly implemented authentication mechanism.

Attackers can exploit this vulnerability by sending malformed requests through the Ethernet management interface of affected UFM systems.

NVIDIA declared: “A successful exploitation of this vulnerability could lead to privilege escalation, data manipulation, service disruption, and information disclosure.”

Products and versions affected

The vulnerability affects multiple versions within NVIDIA’s UFM product range, including:

  • UFM Enterprise GA (versions 6.15.x, 6.16.x, 6.17.x)
  • UFM Enterprise LTS23 (versions 6.15.x LTS older than 6.15.6-4 LTS)
  • UFM Enterprise Appliance GA (versions 1.6.x, 1.7.x, 1.8.x)
  • UFM Enterprise Appliance LTS23 (versions 1.6.x LTS older than 1.6.6-1 LTS)
  • UFM SDN Appliance GA (versions 4.14.x, 4.15.x, 4.16.x)
  • UFM SDN Appliance LTS23 (versions 4.14.x LTS older than 4.14.6.4 LTS)
  • UFM CyberAI GA (versions 2.6.x, 2.7.x, 2.8.x)
  • UFM CyberAI LTS23 (version 2.6.1-3 LTS)

NVIDIA has released firmware updates to address the vulnerability in all products affected. Users are strongly advised to download and install these updates immediately from the NVIDIA Enterprise support portal.

It is important to note that the vulnerability can primarily be exploited through the Ethernet management interface of UFM systems, which, in most cases, is isolated from public networks.

Additionally, the LTS22 versions of UFM products are not affected by this vulnerability. This security flaw underscores the critical importance of promptly updates, especially for infrastructure management tools like NVIDIA's UFM suite.

Given that these systems often have privileged access to network resources, any exploited vulnerability can lead to a widespread compromise of the infrastructure.

Administratorii IT sunt încurajați să revizuiască configurațiile rețelei și să se asigure că interfețele de management sunt corect izolate de rețelele nesigure.

IT administrators are encouraged to review network configurations and ensure that management interfaces are properly isolated from untrusted networks.

The articles NVIDIA UFM Vulnerability Let Attackers Escalate Privileges appeared originally on Cyber Security News.