Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvidiaNvidiaNVIDIA:5533
HistoryMay 01, 2024 - 12:00 a.m.

Security Bulletin: NVIDIA ChatRTX - May 2024

2024-05-0100:00:00
nvidia.custhelp.com
7
nvidia
chatrtx
security update
vulnerabilities
information disclosure
privilege escalation
data tampering

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.7%

JSON

NVIDIA has released a software update for NVIDIA® ChatRTX. To protect your system, download and install this software update from the ChatRTX Download page.

Go to NVIDIA Product Security.

Details

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.

CVE ID Description Vector Base Score Severity CWE Impacts
CVE-2024-0096 NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering. AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N 7.5 High CWE-269 Information disclosure, escalation of privileges, data tampering
CVE-2024-0097 NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering. AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N 7.5 High CWE-269 Information disclosure, escalation of privileges, data tampering
CVE-2024-0098 NVIDIA ChatRTX for Windows contains a vulnerability in the ChatRTX UI and backend, where a user can cause a clear-text transmission of sensitive information issue by data sniffing. A successful exploit of this vulnerability might lead to information disclosure. AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 5.5 Medium CWE-319 Information disclosure

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.

Security Updates

The following table lists the NVIDIA products affected, versions affected, and the updated version that includes this security update.

Download the update from the ChatRTX Download page to apply the security update.

CVE IDs Addressed Affected Products Platform or OS Affected Versions Updated Version
CVE-2024-0096
CVE-2024-0097
CVE-2024-0098 ChatRTX Windows All versions prior to and including 0.2.1 NVIDIA ChatRTX 0.3

Notes

  • Earlier software releases of this product are also affected. If you are using an earlier release, upgrade to the latest release version.
CPENameOperatorVersion
windowslt0.3

Related

cvelist 3
cve 3
cvelist
cvelist
CVE-2024-0097 CVE
2024-05-09 22:16:43
CVE-2024-0096 CVE
2024-05-09 22:16:43
CVE-2024-0098 CVE
2024-05-09 22:16:43
cve
cve
CVE-2024-0096
2024-05-14 14:39:29
CVE-2024-0098
2024-05-14 14:39:31
CVE-2024-0097
2024-05-14 14:39:30

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.7%

JSON
Related for NVIDIA:5533
cvelist3cve3