Permissions, Privileges, and Access Controls in ConnectX Firmware and BlueField - CVE-2024-0105
Published: October 30, 2024
Vulnerability identifier: #VU99496
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-0105
CWE-ID: CWE-264
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: nVidia
Affected software:
ConnectX Firmware
BlueField
ConnectX Firmware
BlueField
Detailed vulnerability description
The vulnerability allows a remote user on the local network to compromise the target system.
The vulnerability exists due to improper handling of insufficient privileges, which leads to denial of service, data tampering and limited information disclosure.
How to mitigate CVE-2024-0105
Install updates from vendor's website.