Description
NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.
References (1)
Core 1
Core References
Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5562
Scores
CVSS v3
8.9
EPSS
0.0008
EPSS Percentile
24.5%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-274
Status
published
Products (9)
NVIDIA/BlueField 1
All versions prior to 18.31.1014
NVIDIA/BlueField GA
All versions prior to xx.41.1000
NVIDIA/BlueField LTS22
All versions prior to xx.35.4030
NVIDIA/BlueField LTS23
All versions prior to xx.39.3560
NVIDIA/ConnectX GA
All versions prior to xx.41.1000
NVIDIA/ConnectX LTS22
All versions prior to xx.35.4030
NVIDIA/ConnectX LTS23
All versions prior to xx.39.3560
NVIDIA/ConnectX4
All versions prior to 12.28.2302
NVIDIA/ConnectX4 LX
All versions prior to xx.32.1900
Published
Nov 01, 2024
Tracked Since
Feb 18, 2026