CVE-2022-21818 MEDIUM

CVE-2022-21818

Vendor Nvidia
Product NVIDIA License System
Weakness CWE-312 · Cleartext storage
Published February 14, 2022
Last update August 3, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

NVIDIA License System contains a vulnerability in the installation scripts for the DLS virtual appliance, where a user on a network after signing in to the portal can access other users’ credentials, allowing them to gain escalated privileges, resulting in limited impact to both confidentiality and integrity.

Key dates

02Disclosure timeline

February 14, 2022 CVE published
August 3, 2024 Record updated