NVIDIA ConnectX Incorrect Authorization Vulnerability in Management Interface

Vulnerability

An incorrect authorization vulnerability exists in the management interface of NVIDIA ConnectX products. It affects versions prior to 45.1020, 35.4554, 39.5050, and 43.3608, as well as ConnectX-4 and ConnectX-4 LX versions prior to 12.28.4704 and 14.32.1908, respectively. An attacker with local access can manipulate authorization processes, potentially leading to unauthorized configuration changes. Exploitation of this issue could result in denial of service, unauthorized privilege escalation, information disclosure, and data tampering.

Impact

Exploitation of this vulnerability could cause denial of service, unauthorized privilege escalation, information disclosure, and data tampering.

Remediation

Users are advised to update to version 45.1020 for ConnectX GA products, version 35.4554 for ConnectX LTS22, version 39.5050 for ConnectX LTS23, and version 43.3608 for ConnectX LTS24. For ConnectX-4 and ConnectX-4 LX, versions 12.28.4704 and 14.32.1908 will be published by the end of September.
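
The following inventory check is an added example, not code from NVIDIA or from the original advisory. It compares firmware versions reported in `ethtool -i` style output against the fixed versions listed above. It assumes ConnectX ports are bound to the mlx5_core driver, that the first version field identifies the device family and the second the release branch, and it uses constructed host names and sample output.

```python
import re

# Fixed versions from the advisory, keyed as described in is_fixed().
LTS_FIXED = {35: 4554, 39: 5050, 43: 3608}      # LTS22, LTS23, LTS24
GA_FIXED = (45, 1020)                           # ConnectX GA
CX4_FIXED = {12: (28, 4704), 14: (32, 1908)}    # ConnectX-4, ConnectX-4 LX

FW_RE = re.compile(r"^firmware-version:\s*(\d+)\.(\d+)\.(\d+)", re.M)

def parse_fw(text):
    """Return (major, minor, sub) from `ethtool -i` style text, else None."""
    if not re.search(r"^driver:\s*mlx5_core\s*$", text, re.M):
        return None  # assumption: ConnectX ports are bound to mlx5_core
    m = FW_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None

def is_fixed(fw):
    """True if fw is at or above the advisory's fixed version for its branch.

    Assumption: field 1 is the device family (12 and 14 being ConnectX-4 and
    ConnectX-4 LX, as in the advisory) and field 2 is the release branch.
    Branches without their own fixed build are compared against the GA fix.
    """
    major, minor, sub = fw
    if major in CX4_FIXED:
        return (minor, sub) >= CX4_FIXED[major]
    if minor in LTS_FIXED:
        return sub >= LTS_FIXED[minor]
    return (minor, sub) >= GA_FIXED

def audit(inventory):
    """Map each port to 'fixed', 'vulnerable' or 'unknown'."""
    report = {}
    for port, text in inventory.items():
        fw = parse_fw(text)
        report[port] = "unknown" if fw is None else (
            "fixed" if is_fixed(fw) else "vulnerable")
    return report

def _ethtool(driver, fw):  # builds constructed sample output
    return f"driver: {driver}\nversion: 6.8.0\nfirmware-version: {fw}\n"

SAMPLE = {  # constructed inventory, not real hosts
    "node-a/eth0": _ethtool("mlx5_core", "28.39.5050 (MT_0000000000)"),
    "node-b/eth0": _ethtool("mlx5_core", "22.43.2026 (MT_0000000000)"),
    "node-c/eth0": _ethtool("mlx5_core", "14.32.1010 (MT_0000000000)"),
    "node-d/eth0": _ethtool("mlx5_core", "28.45.1020 (MT_0000000000)"),
    "node-e/eth0": _ethtool("mlx5_core", "20.41.1000 (MT_0000000000)"),
    "node-f/eth0": _ethtool("e1000e", "0.13-4"),
}

if __name__ == "__main__":
    for port, status in audit(SAMPLE).items():
        print(port, status)
```

Ports reported as "unknown" are not bound to mlx5_core or have no parseable firmware version and need a manual check.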

Added: Sep 4, 2025, 6:29 PM
Updated: Sep 4, 2025, 6:29 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 3.8
exploitability: 3.5
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.