CVE-2024-0096

NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.1 / Impact : 5.8

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5533	Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5533	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:nvidia:chatrtx:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

17 Sep 2025, 16:13

Type	Values Removed	Values Added
First Time		Nvidia Microsoft windows Microsoft Nvidia chatrtx
CPE		cpe:2.3:a:nvidia:chatrtx:::::::: cpe:2.3:o:microsoft:windows:-:::::::*
References	~~() https://nvidia.custhelp.com/app/answers/detail/a_id/5533 -~~	() https://nvidia.custhelp.com/app/answers/detail/a_id/5533 - Vendor Advisory

Information

Published : 2024-05-14 14:39

Updated : 2025-09-17 16:13

NVD link : CVE-2024-0096

Mitre link : CVE-2024-0096

CVE.ORG link : CVE-2024-0096

JSON object : View

Products Affected

nvidia

chatrtx

microsoft

windows

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2024-0096", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.1}]}, "published": "2024-05-14T14:39:29.753", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5533", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5533", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@nvidia.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering."}, {"lang": "es", "value": "NVIDIA ChatRTX para Windows contiene una vulnerabilidad en la interfaz de usuario de Chat RTX, donde un usuario puede causar un problema de administraci\u00f3n de privilegios inadecuado al enviar entradas del usuario para cambiar el flujo de ejecuci\u00f3n. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n, la escalada de privilegios y la manipulaci\u00f3n de datos."}], "lastModified": "2025-09-17T16:13:21.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:chatrtx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "602B4225-8BB8-4B30-A13F-78B0C775840C", "versionEndExcluding": "0.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}