CVE-2024-0138

9.8

Critical

Published:23 Nov 2024

Last updated:17 Jun 2026

Source:psirt@nvidia.com

Deferred

Weakness (CWE)

CWE-862Missing Authorization

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

View on MITRE Find PoC on GitHub

Description

NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

References

psirt@nvidia.com

https://nvidia.custhelp.com/app/answers/detail/a_id/5595