CVE-2024-0114

High

Published: 05 March 2025

Published

05 March 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H

EPSS Score 0.0001 0.4th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-0114 is a high-severity Internal Asset Exposed to Unsafe Debug Access Level or State (CWE-1244) vulnerability in Custhelp (inferred from references). Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 0.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the HMC vulnerability by requiring timely identification, reporting, and patching of the specific flaw allowing BMC admin access.

AC-3 Access Enforcement partial match

prevent

Enforces approved authorizations and access policies to prevent BMC administrative access from escalating to unauthorized HMC administrator privileges.

AC-6 Least Privilege partial match

prevent

Limits BMC privileges to the minimum necessary, reducing the impact and feasibility of exploitation by a malicious high-privilege actor on the BMC.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

The vulnerability directly enables privilege escalation from BMC administrator to HMC administrator, matching Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an administrator. A successful exploit of this vulnerability may…

lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Deeper analysisAI

CVE-2024-0114 is a vulnerability in the HGX Management Controller (HMC) within NVIDIA Hopper HGX for 8-GPU systems. Published on 2025-03-05, it enables a malicious actor with administrative access on the Baseboard Management Controller (BMC) to gain administrator-level access to the HMC. The issue is classified under CWE-1244 and carries a CVSS v3.1 base score of 8.1 (AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H), indicating high severity due to its potential impact despite requiring high privileges.

Exploitation requires local access with administrative privileges on the BMC, low attack complexity, and no user interaction. A successful attack allows the actor to access the HMC as an administrator, potentially leading to arbitrary code execution, denial of service, further escalation of privileges, sensitive information disclosure, and data tampering within the affected HMC environment.

NVIDIA provides details on mitigation, including patches, in their security advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5561. Security practitioners should consult this bulletin for version-specific remediation steps.

Details

CWE(s): CWE-1244

Affected Products

Custhelp

—

inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-29642Shared CWE-1244

CVE-2025-42878Shared CWE-1244

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5561
psirt@nvidia.com