CVE-2022-42291Insecure Operation on Windows Junction / Mount Point in Nvidia Geforce Experience

CWE-1386Insecure Operation on Windows Junction / Mount PointCWE-59Link Following3 documents3 sources
Severity
5.5MEDIUMNVD
CNA8.2
EPSS
0.1%
top 67.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nvidia Geforce Experience
Timeline
PublishedFeb 7

Description

NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDnvidia/geforce_experience< 3.27.0.112
CVEListV5nvidia/geforce_experienceAll versions prior to 3.27.0.112

🔴Vulnerability Details

2
GHSA
GHSA-qr8h-mpxp-qw6p: NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently2023-02-07
CVEList
CVE-2022-42291: NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently2023-02-07
CVE-2022-42291 — Nvidia vulnerability | cvebase