Lucene search
NvidiaCVE-2023-0203HistoryApr 22, 2023 - 3:15 a.m.
CVE-2023-0203
2023-04-2203:15:09
CWE-1220
nvidia
web.nvd.nist.gov
34
cve-2023-0203
nvidia
connectx-5
connectx-6
connectx6-dx
nic firmware
vulnerability
unprivileged user
denial of service
CVSS3
7.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
AI Score
7.3
Confidence
High
EPSS
0.001
Percentile
28.0%
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service.
Affected configurations
Node
nvidiaconnectx_firmwareRange<35.1012
nvidiaconnectx-5Match-
ORnvidiaconnectx-6Match-
ORnvidiaconnectx-6-dxMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nvidia | connectx_firmware | * | cpe:2.3:o:nvidia:connectx_firmware:*:*:*:*:*:*:*:* |
| nvidia | connectx-5 | - | cpe:2.3:h:nvidia:connectx-5:-:*:*:*:*:*:*:* |
| nvidia | connectx-6 | - | cpe:2.3:h:nvidia:connectx-6:-:*:*:*:*:*:*:* |
| nvidia | connectx-6-dx | - | cpe:2.3:h:nvidia:connectx-6-dx:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "NVIDIA ConnectX Firmware",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 35.1012"
}
]
}
]Related
nvd
nvd
CVE-2023-0203
2023-04-22 03:15:09
cvelist
cvelist
CVE-2023-0203
2023-04-22 02:24:15
prion
prion
Improper access control
2023-04-22 03:15:00
nvidia
nvidia
Security Bulletin: NVIDIA ConnectX - April 2023
2023-04-18 00:00:00
CVSS3
7.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
AI Score
7.3
Confidence
High
EPSS
0.001
Percentile
28.0%
Related for CVE-2023-0203