WARNING: POC WAS PUBLISHED FOR NVIDIA TRITON INFERENCE SERVER VULNERABILITIES POSING SEVERE RISKS! PATCH IMMEDIATELY!
CVE-2024-0087: CVSS 9.0 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H) CVE-2024-0100: CVSS 6.5 (CVSS:3.1/ AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H) CVE-2024-0088: CVSS 5.5 (CVSS:3.1/ AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H)
Sources
NVIDIA: https://nvidia.custhelp.com/app/answers/detail/a_id/5535
Risks
Risks
A PoC was published for two vulnerabilities (CVE-2024-0087 and CVE-2024-0088) in NVIDIA’s Triton Inference Server, potentially exposing multiple AI applications and models in various industries to remote attacks and data breaches.
Both vulnerabilities mentioned affect a widely used product and pose severe risks, including remote code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
They were addressed by NVIDIA in April 2024, together with another vulnerability in the same product (CVE-2024-0100).
The vulnerabilities have not yet been observed to be exploited in the wild, but technical details and a PoC were recently published, thus increasing the risks of exploitation in the future.
Description
CVE-2024-0087 is a critical vulnerability (CVSS score of 9.0) involves the Triton Server’s log configuration interface. An attacker can set the logging location to an arbitrary file. If this file exists, logs are appended to the file.
A successful exploitation of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. This poses a severe risk to the confidentiality, integrity, and availability of the system.
The vulnerability affects the NVIDIA Triton Inference Server for Linux, versions 22.09 to 24.03.
CVE-2024-0100 is a medium severity vulnerability (CVSS score of 6.5) in the tracing API of the Triton Inference Server, where an attacker can corrupt system files.
A successful exploitation of this vulnerability might lead to denial of service and data tampering, highly impacting the integrity and availability of the system.
The vulnerability affects the NVIDIA Triton Inference Server for Linux, versions 20.10 to 24.03.
CVE-2024-0088 is a medium severity vulnerability (CVSS score of 5.5) that stems from inadequate parameter validation in Triton Server’s shared memory APIs that can cause an improper memory access issue by a network API.
A successful exploitation of this vulnerability might also lead to denial of service and data tampering, highly impacting the availability of the system.
The vulnerability affects the NVIDIA Triton Inference Server for Linux, versions 22.09 to 24.03. NVIDIA addressed all three vulnerabilities in Triton Inference Server version 24.04.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
NVIDIA: https://nvidia.custhelp.com/app/answers/detail/a_id/5535
NIST:
- https://nvd.nist.gov/vuln/detail/CVE-2024-0087
- https://nvd.nist.gov/vuln/detail/CVE-2024-0088
- https://nvd.nist.gov/vuln/detail/CVE-2024-0100
Securityonline: https://securityonline.info/poc-published-for-critical-nvidia-triton-inference-server-vulnerabilities/