Cyber Security News

NVIDIA Patches High-Severity Vulnerability in UFM Products

Cyware

### #NVIDIAUpdate #UFMProducts #CVE2024-0130

Summary: NVIDIA has released a critical firmware update to fix a high-severity vulnerability (CVE-2024-0130) in its UFM products that could allow attackers to gain escalated privileges and compromise sensitive data. Users are strongly advised to update their systems to mitigate potential risks.

Threat Actor: Unknown | unknown
Victim: NVIDIA UFM Users | NVIDIA UFM Users

Key Point :

  • The vulnerability could allow unauthorized access, data tampering, denial of service, and information disclosure.
  • It is caused by improper authentication via a malformed request sent through the Ethernet management interface.
  • The CVSS score of 8.8 categorizes this vulnerability as high severity, indicating significant risk.
  • NVIDIA emphasizes the importance of updating systems immediately to enhance security.
  • The affected products include various versions of UFM Enterprise, UFM Appliance, and UFM CyberAI.
  • Although the Ethernet management interface is typically isolated from public networks, proactive measures are essential.

NVIDIA has recently released a firmware update to address a high-severity vulnerability affecting its UFM Enterprise, UFM Appliance, and UFM CyberAI products. The vulnerability, identified as CVE-2024-0130, could allow an attacker to gain escalated privileges, tamper with data, deny service, and disclose sensitive information.

The vulnerability stems from an improper authentication issue that can be exploited by sending a malformed request through the Ethernet management interface. A successful exploit could grant an attacker unauthorized access and control over the affected systems.

The Common Vulnerability Scoring System (CVSS) has assigned a base score of 8.8 to this vulnerability, categorizing it as “High” severity. The affected products include various versions of UFM Enterprise, UFM Enterprise Appliance, UFM SDN Appliance, and UFM CyberAI.

NVIDIA urges users to update their systems immediately. The firmware update is available for download from the NVIDIA Enterprise Support Portal.

While the vulnerability is considered serious, it’s important to note that the Ethernet management interface of the UFM system is typically isolated from public networks, limiting the potential for attacks. However, it’s crucial to take proactive measures and mitigate the risk by installing the security update.

The latest update addresses the vulnerability and enhances the security of the UFM products. Users are encouraged to visit the NVIDIA Enterprise Support Portal for detailed information and to download the necessary updates.

Related Posts:

Source: https://securityonline.info/cve-2024-0130-nvidia-patches-high-severity-vulnerability-in-ufm-products

Tags: EXPLOIT, CVE, VULNERABILITY