CVE-2022-31611

CWE-4273 documents3 sources
Severity
7.3HIGH
EPSS
0.1%
top 79.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nvidia Geforce Experience
Timeline
PublishedFeb 7

Description

NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:HExploitability: 1.3 | Impact: 5.5

Affected Packages2 packages

NVDnvidia/geforce_experience< 3.27.0.112
CVEListV5nvidia/geforce_experienceAll versions prior to 3.27.0.112

🔴Vulnerability Details

2
GHSA
GHSA-2v62-25cm-4v7w: NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privilege2023-02-07
CVEList
CVE-2022-31611: NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privilege2023-02-07
CVE-2022-31611 (HIGH CVSS 7.3) | NVIDIA GeForce Experience contains | cvebase.io