A high-severity vulnerability was recently disclosed by NVIDIA on November 26, 2024, affecting UFM Enterprise, UFM Appliance, and UFM CyberAI products.<\/p>\n\n\n\n
The flaw, identified as CVE-2024-0130, could allow attackers to escalate their privileges<\/a>, to modify data, cause a denial of service (DoS), and access sensitive information.<\/p>\n\n\n\n The security issue, which received a CVSS v3.1 base score of 8.8, originates from an improperly implemented authentication mechanism.<\/p>\n\n\n\n Attackers can exploit this vulnerability by sending malformed requests through the Ethernet management interface of affected UFM systems.<\/p>\n\n\n\n NVIDIA declared<\/a>: \u201cA successful exploitation of this vulnerability could lead to privilege escalation, data manipulation, service disruption, and information disclosure.\u201d<\/p>\n\n\n\n The vulnerability affects multiple versions within NVIDIA\u2019s UFM product range, including:<\/p>\n\n\n\n NVIDIA has released firmware updates to address the vulnerability<\/a> in all products affected. Users are strongly advised to download and install these updates immediately from the NVIDIA Enterprise support portal.<\/p>\n\n\n\n It is important to note that the vulnerability can primarily be exploited through the Ethernet management interface of UFM systems, which, in most cases, is isolated from public networks.<\/p>\n\n\n\n Additionally, the LTS22 versions of UFM products are not affected by this vulnerability. This security flaw underscores the critical importance of promptly\u00a0updates<\/a>, especially for infrastructure management tools like NVIDIA's UFM suite.<\/p>\n\n\n\n Given that these systems often have privileged access to network resources<\/a>, any exploited vulnerability can lead to a widespread compromise of the infrastructure.<\/p>\n\n\n\n Administratorii IT sunt \u00eencuraja\u021bi s\u0103 revizuiasc\u0103 configura\u021biile re\u021belei \u0219i s\u0103 se asigure c\u0103\u00a0interfe\u021bele de management sunt corect izolate\u00a0de re\u021belele nesigure.<\/p>\n\n\n\n IT administrators are encouraged to review network configurations and ensure that management interfaces are properly isolated from untrusted networks.<\/p>\n\n\n\n The articles NVIDIA UFM Vulnerability Let Attackers Escalate Privileges<\/a> appeared originally on Cyber Security News<\/a>.<\/p>\n\n\n\n <\/p>","protected":false},"excerpt":{"rendered":" A critical vulnerability in NVIDIA UFM products, exploitable through the Ethernet management interface, allows privilege escalation and data compromise, making it essential for organizations to immediately apply the provided security updates.<\/p>","protected":false},"author":1,"featured_media":561,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"single-with-sidebar","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[39],"class_list":["post-564","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-homepage"],"_links":{"self":[{"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/posts\/564","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/comments?post=564"}],"version-history":[{"count":3,"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/posts\/564\/revisions"}],"predecessor-version":[{"id":882,"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/posts\/564\/revisions\/882"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/media\/561"}],"wp:attachment":[{"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/media?parent=564"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/categories?post=564"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/tags?post=564"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Products and versions affected<\/strong><\/h2>\n\n\n\n
\n