CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-0114

Medium Severity
SVRS
36/100
CVSSv3
8.1/10
EPSS
0.00006/1

CVE-2024-0114 is a high-severity vulnerability in NVIDIA Hopper HGX systems. It enables a malicious actor with administrative access on the BMC to gain administrator access on the HMC. This privilege escalation can lead to serious consequences.

Specifically, exploitation of CVE-2024-0114 can result in unauthorized code execution, denial-of-service attacks, elevation of privileges, sensitive information disclosure, and even data tampering. Despite a CVSS score of 8.1 indicating high severity, the SOCRadar Vulnerability Risk Score (SVRS) is 36, suggesting a lower immediate risk compared to vulnerabilities with scores above 80. However, the potential for significant impact makes patching and mitigation crucial, especially given the 'In The Wild' tag, indicating potential active exploitation. Addressing this vulnerability mitigates substantial risks associated with compromised NVIDIA Hopper HGX systems and protects against potential data breaches and operational disruptions.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:L
AC:L
PR:H
UI:N
S:C
C:L
I:H
A:H
PUBLICATION DATE2025-03-06
LAST MODIFIED2025-03-05
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-0114 is a vulnerability affecting NVIDIA Hopper HGX systems, specifically the HGX Management Controller (HMC). It allows a malicious actor who already has administrative access on the Baseboard Management Controller (BMC) to gain administrator-level access to the HMC. The vulnerability could lead to serious consequences including code execution, denial of service, privilege escalation, information disclosure, and data tampering. Despite the CVSS score of 8.1, the SOCRadar Vulnerability Risk Score (SVRS) is 42, suggesting a moderate, rather than critical, risk level based on currently available threat intelligence.

Key Insights

  • Elevated Privilege Escalation: This vulnerability allows an attacker with existing administrative access on the BMC to escalate their privileges to the HMC, potentially gaining full control over the NVIDIA Hopper HGX system.

  • Impact on Critical Infrastructure: Given that NVIDIA Hopper HGX systems are often deployed in data centers and for high-performance computing, successful exploitation could have a significant impact on critical infrastructure and services.

  • Exploit Status: There is no data to suggest that active exploits are published.

  • Threat Actor Activity: At present, there's no specific information linking this CVE to any known Threat Actors/APT Groups.

  • CISA Warnings: There is no information to suggest that the Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability.

  • In the Wild: There is no data to suggest that the vulnerability is actively exploited by hackers.

Mitigation Strategies

  • Restrict BMC Access: Implement stringent access controls and monitoring for the BMC, limiting administrative privileges to only authorized personnel and systems. Regularly audit BMC access logs for suspicious activity.

  • Apply NVIDIA Security Updates: Monitor NVIDIA's security advisories and promptly apply any available patches or updates that address CVE-2024-0114 or related vulnerabilities affecting the HGX Management Controller.

  • Network Segmentation: Segment the network to isolate the BMC and HMC from other critical systems. This reduces the potential impact if either component is compromised.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

NVIDIA Warns of Multiple Vulnerabilities that Let Attackers Execute Malicious Code
Guru Baran2025-03-05
NVIDIA Warns of Multiple Vulnerabilities that Let Attackers Execute Malicious Code | NVIDIA has issued urgent security advisories addressing multiple vulnerabilities in its Hopper HGX 8-GPU High-Performance Computing (HMC) platforms, including a high-severity flaw (CVE-2024-0114, CVSS 8.1) that permits unauthorized code execution, privilege escalation, and systemic data compromise.  A secondary medium-severity vulnerability (CVE-2024-0141, CVSS 6.8) in the GPU vBIOS layer exposes systems to denial-of-service attacks through unsupported […] The post NVIDIA Warns of Multiple
cybersecuritynews.com
rss
forum
news
CVE-2024-0114 | NVIDIA Hopper HGX 8-GPU internal asset exposed to unsafe debug access level or state
vuldb.com2025-03-05
CVE-2024-0114 | NVIDIA Hopper HGX 8-GPU internal asset exposed to unsafe debug access level or state | A vulnerability classified as problematic was found in NVIDIA Hopper HGX 8-GPU. Affected by this vulnerability is an unknown functionality. The manipulation leads to internal asset exposed to unsafe debug access level or state. This vulnerability is known as CVE-2024-0114. Attacking locally is a requirement. There is no exploit
vuldb.com
rss
forum
news

Social Media

CVE-2024-0114 (CVSS:8.1, HIGH) is Received. NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the HGX Management Controller (HMC) that may allow a malicious a..https://t.co/UqMvIo2jwq #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
0
0
0
NVIDIA just released critical security updates addressing vulnerabilities in the Hopper HGX 8-GPU HMC, including a high-severity flaw (CVE-2024-0114, Severity Level: 8). 🔗 https://t.co/3uxWRI4yQD #Cybersecurity #GPU #VulnerabilityManagement #NVIDIA #HopperHGX #SecurityUpdate
0
0
0
⚠️ Vulnerability Alert: NVIDIA Hopper HGX HMC High-Severity Vulnerability 📅 Timeline: Initial Disclosure: February 2024 Vendor Patch Release: March 2024 📌 Attribution: Discovered by NVIDIA Security Team with external researchers 🆔 CVE ID: CVE-2024-0114 📊 Base
0
0
0
CVE-2024-0114: NVIDIA Addresses High-Severity HMC Vulnerability https://t.co/5pAKnJICvd
0
0
2
CVE-2024-0114: NVIDIA Addresses High-Severity HMC Vulnerability Learn about CVE-2024-0114, a high-severity vulnerability in Nvidia's Hopper HGX, risking code execution and privilege escalation. https://t.co/0wSFN9bPNA
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://nvidia.custhelp.com/app/answers/detail/a_id/5561

CWE Details

CWE IDCWE NameDescription
CWE-1244Internal Asset Exposed to Unsafe Debug Access Level or StateThe product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence