CVE-2024-0130: NVIDIA Patches High-Severity Vulnerability in UFM Products
NVIDIA has recently released a firmware update to address a high-severity vulnerability affecting its UFM Enterprise, UFM Appliance, and UFM CyberAI products. The vulnerability, identified as CVE-2024-0130, could allow an attacker to escalate privileges, tamper with data, cause a denial of service, and disclose sensitive information.
The vulnerability stems from an improper authentication issue that can be exploited by sending a malformed request through the Ethernet management interface. A successful exploit could grant an attacker unauthorized access and control over the affected systems.
The vulnerability carries a Common Vulnerability Scoring System (CVSS) base score of 8.8, which places it in the “High” severity category. The affected products include various versions of UFM Enterprise, UFM Enterprise Appliance, UFM SDN Appliance, and UFM CyberAI.
NVIDIA urges users to update their systems immediately. The firmware update is available for download from the NVIDIA Enterprise Support Portal.
Although the vulnerability is serious, the Ethernet management interface of the UFM system is typically isolated from public networks, which limits the potential for attacks. That isolation does not remove the risk, so installing the security update remains the mitigation.
The latest update addresses the vulnerability and enhances the security of the UFM products. Users are encouraged to visit the NVIDIA Enterprise Support Portal for detailed information and to download the necessary updates.