The vulnerability stems from the logging configuration interface (/v2/logging) of the Triton Inference Server, which improperly handles user input for the log_file parameter. This flaw allows attackers to specify an absolute path for log file output, leading to arbitrary file creation, appending, or overwriting. By exploiting this, an attacker can inject malicious commands into critical system files or scripts, which are executed by the server, potentially leading to remote code execution. The exploitation technique is similar to that described in CVE-2023-31036, highlighting the severity and practicality of this vulnerability.

An attacker starts by sending a specially crafted request to the /v2/logging endpoint of the Triton server, specifying a critical system file (e.g., /root/.bashrc) as the target for log output. The attacker then triggers log events that append malicious commands to the targeted file. Once the file is executed (e.g., on server reboot or manual execution), the attacker's code runs, achieving remote code execution. This scenario assumes the attacker has network access to the Triton server's logging interface.

This vulnerability affects administrators and users of the Triton Inference Server version r23.04. Specifically, systems where the Triton server is accessible to untrusted networks or users are at heightened risk, as this vulnerability could be exploited to gain unauthorized access or control over the server.