CVE-2020-5977

Type:

Uncontrolled Search Path Element

Severity:

Medium

Publication date:

10/23/2020

Last modified:

10/27/2020

Description

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.

Impact

Access Vector: Local

Access Complexity: Media

Authentication: Not required to exploit

Impact Type: Partially affects on system integrity + Partially affects on system confidentiality + Partially affects on system availability

Vulnerable software and versions

cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*

To consult the complete list of products and versions see this page

References to Advisories, Solutions, and Tools

https://nvidia.custhelp.com/app/answers/detail/a_id/5076 (Source: CONFIRM)

Explanation of fields

Corporate access

CVE-2020-5977