Triton Inference Server
CVE-2024-0087
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. If this file exists, logs are appended to the file. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
AnalysisAI
NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-73. NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. If this file exists, logs are appended to the file. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Affected products include: Nvidia Triton Inference Server.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Triton Inference Server
View allNVIDIA Triton Inference Server for Linux contains a vulnerability in the tracing API, where a user can corrupt system fi
NVIDIA Triton Inference Server for Linux contains a vulnerability in shared memory APIs, where a user can cause an impro
Denial of service in NVIDIA Triton Inference Server for Linux allows remote unauthenticated attackers to exhaust server
Denial of service in NVIDIA Triton Inference Server for Linux (versions through 26.03) allows a remote attacker to crash
Denial of service in NVIDIA Triton Inference Server for Linux stems from a stack-based buffer overflow (CWE-121) reachab
Denial of service in NVIDIA Triton Inference Server for Linux allows a remote, unauthenticated attacker to disrupt avail
Denial of service in NVIDIA Triton Inference Server on Linux allows remote unauthenticated attackers to exhaust host mem
Denial of service in NVIDIA Triton Inference Server on Linux allows remote unauthenticated attackers to crash the servic
Denial of service in NVIDIA Triton Inference Server for Linux lets remote unauthenticated attackers exhaust server resou
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-de
NVIDIA Triton Server for Linux contains a vulnerability where an attacker may cause an improper validation of specified
NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause an improper check for unusual or exc
Same weakness CWE-73 – External Control of File Name or Path
View allShare
External POC / Exploit Code
Leaving vuln.today