CVE-2021-23175

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-23175
NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.

8.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

4.4 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5295 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2021-12-23 16:15

Updated : 2024-02-28 18:48

NVD link : CVE-2021-23175

Mitre link : CVE-2021-23175

CVE.ORG link : CVE-2021-23175

JSON object : View

Products Affected

nvidia

  • geforce_experience

microsoft

  • windows
CWE
CWE-863

Incorrect Authorization