CVE-2021-23175

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

8.2HIGH

EPSS

0.1%

top 73.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Geforce Experience Nvidia Nvidia Geforce Experience Software

Timeline

PublishedDec 23

Latest updateDec 24

Description

NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages2 packages

▶NVDnvidia/geforce_experience< 3.24.0.126

▶CVEListV5nvidia/nvidia_geforce_experience_softwareAll versions prior to 3.24.0.126

🔴Vulnerability Details

GHSA

GHSA-cgm6-8ghm-v3q8: NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls fo↗2021-12-24

▶

CVEList

CVE-2021-23175: NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls fo↗2021-12-23

▶