PoC Published for Critical Nvidia Triton Inference Server Vulnerabilities

Cybersecurity researcher Zhiniang Peng published the technical details and proof-of-concept for two serious vulnerabilities in NVIDIA’s widely used Triton Inference Server, potentially exposing countless AI applications and models to remote attacks and data breaches.

CVE-2024-0087: Arbitrary File Write Leading to Remote Code Execution

The first vulnerability, CVE-2024-0087, rated with a critical CVSS score of 9.0, allows attackers to exploit Triton Server’s log configuration interface to write arbitrary files, potentially leading to remote code execution and full server compromise. This vulnerability could grant attackers unauthorized control over AI models and data, posing a significant risk to organizations relying on Triton for AI services.

CVE-2024-0088: Inadequate Parameter Validation Leading to Arbitrary Address Write

The second vulnerability, CVE-2024-0088, with a CVSS score of 5.5, stems from inadequate parameter validation in Triton Server’s shared memory handling. Attackers can exploit this flaw to write to arbitrary memory addresses, potentially leaking sensitive data or disrupting AI model operations.

Impact and Concerns

The impact of these vulnerabilities could be far-reaching, affecting various industries and applications that leverage AI technology. Autonomous vehicles, AI service providers, and conversational AI assistants are just a few examples of potential targets for attackers exploiting these vulnerabilities. The risks include data breaches, compromised AI models, service disruptions, and even safety hazards in the case of autonomous systems.

Mitigation

NVIDIA has addressed both vulnerabilities in Triton Inference Server version 24.04. All users and organizations are strongly advised to upgrade to this latest version to mitigate the risks posed by these security flaws.