NVIDIA has issued a security advisory addressing a critical vulnerability (CVE-2024-0138) discovered in its Base Command Manager software.
This flaw, located within the CMDaemon component, poses significant risks, including the potential for remote code execution, denial of service, privilege escalation, information disclosure, and data tampering.
Vulnerability Overview
The vulnerability arises from a missing authentication mechanism (CWE-862) in the CMDaemon component.
This critical flaw can be exploited remotely without any prerequisites, such as user interaction or special privileges, making it highly dangerous.
Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar
The vulnerability is assigned a Common Vulnerability Scoring System (CVSS) v3.1 base score of 9.8, categorizing it as “Critical.”
The vulnerability, classified under CWE-862 (Missing Authorization), is particularly dangerous because it can be exploited remotely without requiring user interaction or special privileges.
With a CVSS v3.1 base score of 9.8, this flaw is rated as “Critical.” The severity highlights the potential for widespread impact across systems using the affected software.
If successfully exploited, attackers could remotely execute arbitrary code, disrupt services, escalate user privileges, obtain sensitive information, or tamper with data.
Affected Products and Updates
The affected software versions and updates are summarized below:
| CVE ID | Affected Product | Platform | Affected Version | Updated Version |
| CVE-2024-0138 | NVIDIA Base Command Manager | All | 10.24.09 | 10.24.09a |
NVIDIA confirmed that earlier versions, including 10.24.07 and earlier, are not impacted by this vulnerability.
To mitigate the issue, NVIDIA recommends updating the CMDaemon component on all head nodes and software images.
After applying the update, systems should be rebooted or resynchronized with the updated software image to ensure the fix is fully implemented.
These measures are essential to eliminate the vulnerability and protect systems from potential exploitation.
NVIDIA advises users to stay informed about ongoing security developments by visiting the NVIDIA Product Security page.
This platform provides access to the latest security bulletins, subscription options for notifications, and resources for reporting potential security concerns.
By ensuring their systems are up to date and monitoring security updates, users can minimize risks and maintain a secure computing environment.
Are you from SOC/DFIR Teams? – Analyse Malware & Phishing with ANY.RUN -> Try for Free