Lucene search

NvidiaCVELIST:CVE-2023-0205

HistoryApr 22, 2023 - 2:26 a.m.

CVE-2023-0205

2023-04-2202:26:35

CWE-1220

nvidia

www.cve.org

cve-2023-0205

nvidia

connectx-5

connectx-6

connectx6-dx

nic firmware

unprivileged user

access control

denial of service

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.2%

JSON

NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NVIDIA ConnectX Firmware",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to 35.1012"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5459

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.2%

JSON

Related for CVELIST:CVE-2023-0205