1 results (0.006 seconds)

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NVIDIA Onyx switches. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /admin/launch endpoint. When parsing the script query parameter, the process does not properly validate a user-supplied path prior to using it in file operations. • https://nvidia.custhelp.com/app/answers/detail/a_id/5563 • CWE-35: Path Traversal: '.../ •