CVE-2024-0113: 
Homebrew vulnerability analysis and mitigation

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a web support vulnerability identified as CVE-2024-0113. The vulnerability allows an attacker to perform CGI path traversal through specially crafted URIs. This security issue was discovered by Cyrille CHATRAS from Orange Group and was publicly disclosed in August 2024 (NVIDIA Security).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High) with the vector string AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-35 and affects multiple versions of NVIDIA's network operating systems (NVIDIA Security).

A successful exploitation of this vulnerability could lead to escalation of privileges and information disclosure in affected systems (NVIDIA Security).

NVIDIA has released security updates to address this vulnerability. The fixed versions include Mellanox OS version 3.12.1002, Mellanox OS LTS versions 3.11.2302 and 3.10.4500, ONYX LTS version 3.10.4504, Skyway version 8.2.2300, Skyway LTS version 8.1.4500, MetroX-3 XC version 18.2.2300, and MetroX-2 version 3.12.1002. Users are advised to upgrade to these patched versions (NVIDIA Security).