CVE-2024-0129

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Oct 15, 2024

CWE ID 22

Summary

CVE-2024-0129 identifies a vulnerability in NVIDIA NeMo related to the SaveRestoreConnector, which may allow for path traversal via unsafe extraction of .tar files. This vulnerability poses a medium-level risk, with an exploit potentially leading to code execution and data tampering, although the impact on confidentiality and integrity is rated as low. The attack requires low privileges and does not necessitate user interaction, allowing local exploitation with a CVSS base score of 6.3. To mitigate this issue, users should ensure they handle .tar files cautiously and apply any recommended updates from NVIDIA. For further details on remediation, users can refer to NVIDIA's support documentation on the issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database