CVE-2021-23175

EPSS 0.04%
Published 23.12.2021 16:15:07
Last modified 21.11.2024 05:51:19
Source psirt@nvidia.com
Teams watchlist Login
Open Login

NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Nvidia ≫ Geforce Experience Version < 3.24.0.126

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.103

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.2	1.5	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P
psirt@nvidia.com	8.2	1.5	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://nvidia.custhelp.com/app/answers/detail/a_id/5295

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-23175

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-23175

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-23175

EUVD