Improper Authentication in NVIDIA UFM Enterprise, UFM Appliance and UFM CyberAI



Risk: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2024-0130
CWE-ID: CWE-287
Exploitation vector: Local network
Public exploit: N/A

Vulnerable software (category: Other software / Other software solutions):

UFM Enterprise GA
UFM Enterprise Appliance GA
UFM SDN Appliance GA
UFM CyberAI GA
UFM CyberAI LTS23
UFM Enterprise LTS23
UFM Enterprise Appliance LTS23
UFM SDN Appliance LTS23

Vendor: NVIDIA

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Improper Authentication

EUVDB-ID: #VU100980

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-0130

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error when processing authentication requests. A remote attacker on the local network can bypass the authentication process and gain unauthorized access to the application.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

UFM Enterprise GA: 6.15.0 - 6.17.0

UFM Enterprise Appliance GA: 1.6.0 - 1.8.0

UFM SDN Appliance GA: 4.14.0 - 4.16.0

UFM CyberAI GA: 2.6.0 - 2.8.0

UFM CyberAI LTS23: 2.6.1-3 LTS

UFM Enterprise LTS23: before 6.15.6-4 LTS

UFM Enterprise Appliance LTS23: before 1.6.6-1 LTS

UFM SDN Appliance LTS23: before 4.14.6.4 LTS

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5584


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


