NVIDIA has announced an important security patch for NVIDIA® ChatRTX and asked users to update as soon as possible to safeguard their systems against newly discovered vulnerabilities.
Released on March 26, 2024, this update addresses critical and medium security issues that have been identified in versions 0.2 and prior of the ChatRTX software for Windows.
The update targets two vulnerabilities:
- The first, tracked as CVE‑2024‑0082, affects the ChatRTX user interface. Here, privilege management could be exploited through open file requests, potentially leading to unauthorized access to information and data manipulation. This vulnerability has been assigned a high severity rating with a CVSS score of 8.2.
- The second vulnerability, CVE‑2024‑0083, also within the ChatRTX UI, could allow attackers to execute cross-site scripting (XSS) attacks through the network, running malicious scripts in users’ browsers. The possible consequences include code execution and denial of service. It received a medium severity rating with a CVSS score of 6.5.
Short complaint to the NVIDIA devs: Please always sanitize the inputs. These vulnerabilities should’ve been caught in the development or pen test phase. But I understand, in this industry, fast-paced development usually means less testing and even less security testing.
So, as always, try to keep the software up to date. The safety benefits outweigh the risk of messing the system up with fast updates.
Stay Safe!
Photo by Trần Chính.