CVE-2021-23175

EPSS 0.04%
Veröffentlicht 23.12.2021 16:15:07
Zuletzt bearbeitet 21.11.2024 05:51:19
Quelle psirt@nvidia.com
Teams Watchlist Login
Unerledigt Login

NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nvidia ≫ Geforce Experience Version < 3.24.0.126

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.103

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.2	1.5	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P
psirt@nvidia.com	8.2	1.5	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://nvidia.custhelp.com/app/answers/detail/a_id/5295

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-23175

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-23175

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-23175

EUVD