CVE-2024-0105
NVIDIA ConnectX Improper Privilege Handling Vulnerability
Description
NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure.
INFO
Published Date :
Nov. 1, 2024, 6:15 a.m.
Last Modified :
Nov. 1, 2024, 12:57 p.m.
Source :
[email protected]
Remotely Exploitable :
No
Impact Score :
6.0
Exploitability Score :
2.3
Affected Products
The following products are affected by CVE-2024-0105
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-0105.
| URL | Resource |
|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5562 |
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-0105 vulnerability anywhere in the article.
-
Cybersecurity News
Palo Alto Networks Warns of GlobalProtect App Flaw with Public Exploit Code (CVE-2024-5921)
Palo Alto Networks has issued a security advisory warning of a vulnerability in its GlobalProtect app that could allow attackers to install malicious software on endpoints.The vulnerability, identifie ... Read more
-
Cybersecurity News
CISA Sounds the Alarm on Actively Exploited Apple and Oracle Zero-Days
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about three actively exploited vulnerabilities affecting Apple and Oracle products. These flaws, added to CISA’ ... Read more
-
Cybersecurity News
CVE-2024-52940: AnyDesk Vulnerability Exposes User IP Addresses, PoC Published
Image: Ebrahim ShafieiA newly discovered vulnerability in popular remote desktop software AnyDesk could allow attackers to uncover users’ IP addresses, posing significant privacy risks. Security resea ... Read more
-
Cybersecurity News
FrostyGoop: New ICS Malware Exploits Modbus TCP Protocol
Recently, Palo Alto Networks has released an in-depth analysis of FrostyGoop, also known as BUSTLEBERM, a sophisticated malware targeting operational technology (OT). This malware gained attention in ... Read more
-
Cybersecurity News
CVE-2024-51503: Trend Micro Deep Security Agent RCE Vulnerability Fixed
A recently discovered vulnerability in the Trend Micro Deep Security 20 Agent could have allowed attackers to execute arbitrary code on affected machines. The vulnerability, identified as CVE-2024-515 ... Read more
-
Cybersecurity News
Analysis & PoC Exploits Released for Palo Alto Zero-Days – CVE-2024-0012 and CVE-2024-9474
Image: WatchtowrIn a recent analysis, security researcher Sonny from watchTowr unveiled the technical intricacies of two zero-day vulnerabilities affecting Palo Alto Networks’ Next-Generation Firewall ... Read more
-
Cybersecurity News
CVE-2024-0012 and CVE-2024-9474: Actively Exploited Vulnerabilities Impact Palo Alto Networks PAN-OS
Palo Alto Networks has issued critical advisories regarding two actively exploited vulnerabilities in their PAN-OS software, posing significant risks to organizations relying on the platform for netwo ... Read more
-
Cybersecurity News
Stealc Malware: The Infostealer Targeting Credentials, Crypto Wallets, and More
In a recent analysis, the SonicWall Capture Labs threat research team revealed the insidious capabilities of Stealc, an infostealer malware designed to steal credentials, cryptocurrency, and other sen ... Read more
The following table lists the changes that have been made to the
CVE-2024-0105 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Received by [email protected]
Nov. 01, 2024
Action Type Old Value New Value Added Description NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure. Added Reference NVIDIA Corporation https://nvidia.custhelp.com/app/answers/detail/a_id/5562 [No types assigned] Added CWE NVIDIA Corporation CWE-274 Added CVSS V3.1 NVIDIA Corporation AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-0105 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-0105
weaknesses.