Multiple vulnerabilities in NVIDIA ChatRTX
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2024-0096 CVE-2024-0097 CVE-2024-0098 |
| CWE-ID | CWE-269 CWE-319 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
ChatRTX Other software / Other software solutions |
| Vendor | nVidia |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Improper Privilege Management
EUVDB-ID: #VU89111
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0096
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management in Chat RTX UI. A local user can cause information disclosure, escalation of privileges and data tampering.
MitigationInstall updates from vendor's website.
Vulnerable software versionsChatRTX: 0.2.1
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/5533
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Privilege Management
EUVDB-ID: #VU89112
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0097
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management in Chat RTX UI. A local user can cause information disclosure, escalation of privileges and data tampering.
MitigationInstall updates from vendor's website.
Vulnerable software versionsChatRTX: 0.2.1
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/5533
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Cleartext transmission of sensitive information
EUVDB-ID: #VU89113
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0098
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information in the ChatRTX UI and backend. A local user can gain access to sensitive data.
MitigationInstall updates from vendor's website.
Vulnerable software versionsChatRTX: 0.2.1
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/5533
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
