A high-severity vulnerability (CVE-2024-0130) has been identified in NVIDIA’s Unified Fabric Manager (UFM) product line, affecting several key offerings, including UFM Enterprise, UFM Appliance, UFM SDN Appliance, and UFM CyberAI. This flaw, disclosed on November 26, 2024, has been assigned a CVSS score of 8.8, indicating its critical nature. The vulnerability arises from an improper authentication mechanism in the Ethernet management interface of these systems. Attackers could exploit this issue by sending specially crafted requests, potentially allowing them to escalate privileges, manipulate data, disrupt services, and access sensitive information. This kind of access could have serious implications, particularly in enterprise environments where UFM systems manage vital network infrastructure.
The affected versions of NVIDIA’s UFM products include UFM Enterprise GA (versions 6.15.x to 6.17.x), UFM Enterprise LTS23 (versions prior to 6.15.6-4 LTS), UFM Enterprise Appliance GA (versions 1.6.x to 1.8.x), and others. This vulnerability poses a significant risk to users of these products, as UFM systems often have privileged access to crucial network resources. If exploited, the flaw could lead to a wide range of attacks, from denial of service to potentially critical data breaches. Although the Ethernet management interface is usually isolated from public networks, organizations must ensure their configurations do not inadvertently expose these interfaces to untrusted sources.
In response to this vulnerability, NVIDIA has issued firmware updates across all affected products, urging users to apply these patches immediately. The company’s proactive approach aims to mitigate the risks associated with this vulnerability, but it also highlights the importance of timely patch management. Administrators are advised to review and update their systems, ensuring that management interfaces are appropriately isolated from untrusted networks to prevent unauthorized access. This vulnerability serves as a reminder of the security challenges faced by infrastructure management tools, which are integral to the smooth operation of network environments.
