CVE-2024-0114

CVE-2024-0114 is a vulnerability in the HGX Management Controller (HMC) within NVIDIA Hopper HGX for 8-GPU systems. Published on 2025-03-05, it enables a malicious actor with administrative access on the Baseboard Management Controller (BMC) to gain administrator-level access to the HMC. The issue is classified under CWE-1244 and carries a CVSS v3.1 base score of 8.1 (AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H), indicating high severity due to its potential impact despite requiring high privileges.

Exploitation requires local access with administrative privileges on the BMC, low attack complexity, and no user interaction. A successful attack allows the actor to access the HMC as an administrator, potentially leading to arbitrary code execution, denial of service, further escalation of privileges, sensitive information disclosure, and data tampering within the affected HMC environment.

NVIDIA provides details on mitigation, including patches, in their security advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5561. Security practitioners should consult this bulletin for version-specific remediation steps.