Permissions, Privileges, and Access Controls in ConnectX Firmware and BlueField - CVE-2024-0105

 


Published: October 30, 2024


Vulnerability identifier: #VU99496
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-0105
CWE-ID: CWE-264
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: NVIDIA
Affected software:
ConnectX Firmware
BlueField

Detailed vulnerability description

The vulnerability allows a remote user on the local network to compromise the target system.

The vulnerability exists due to improper handling of insufficient privileges, which leads to denial of service, data tampering and limited information disclosure.


How to mitigate CVE-2024-0105

Install updates from vendor's website.

Sources