NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.
{"threatpost": [{"lastseen": "2020-12-31T03:59:37", "bulletinFamily": "info", "cvelist": ["CVE-2020-5977"], "description": "As 2020 draws to a close, it\u2019s clear that [work-from-home](<https://threatpost.com/working-from-home-covid-19s-constellation-of-security-challenges/153720/>) security, [ransomware](<https://threatpost.com/ransomware-network-access-cyberattack/159998/>), [COVID-19-themed](<https://threatpost.com/covid-19-vaccine-cyberattacks-credentials-zebrocy/162072/>) social engineering and attacks [by nation-states](<https://threatpost.com/sunburst-c2-secrets-rsolarwinds-victims/162426/>) will go down as defining topics for the cybersecurity world for the year. Threatpost also took a retrospective view on what readers were most interested in during the last 12 months, looking at our top five most-read stories of the year.\n\nPlease read on to learn more about what caught readers\u2019 attention the most this year, with an eye to summing up some hot trends. Subjects include Microsoft Office 365; major security bugs in Zoom and other platforms; gaming security; the ongoing scourge of Emotet and malware development in general; and concluding with a potpourri of other hot 2020 headlines involving WhatsApp, Fitbit, code-cracking and more.\n\n## **1\\. Microsoft: Office 365 and More**\n\nWith enterprises relying heavily on Microsoft\u2019s business suite of applications during the COVID-19 pandemic, [cybercriminals supercharged their targeting](<https://threatpost.com/phishing-campaign-allows-for-mfa-bypass-on-office-365/155864/>) of these tools across a variety of attack vectors.\n\n### _Most-Read Story of 2020: Microsoft Teams Lure_\n\nMicrosoft Teams phishing email attack. Credit: Abnormal Security\n\nOne cybersecurity story caught more reader interest than any other article for the year: Phishes that [pretended to be automated messages from Microsoft Teams.](<https://threatpost.com/microsoft-teams-phishing-office-365/160458/>) The attack, uncovered in October, was sent to between 15,000 and 50,000 Office 365 users, in hopes of scooping up their credentials.\n\nTeams is Microsoft\u2019s popular collaboration tool, which has particularly risen in popularity among [remote workforces during the pandemic](<https://threatpost.com/working-from-home-covid-19s-constellation-of-security-challenges/153720/>) \u2013 making it an attractive brand for attackers to impersonate.\n\n\u201cBecause Microsoft Teams is an instant-messaging service, recipients of this notification might be more apt to click on it so that they can respond quickly to whatever message they think they may have missed based on the notification,\u201d said researchers at the time.\n\n### _Microsoft Office 365: Top Threat Vector_\n\nMany of this year\u2019s top-level phishing attacks leveraged Microsoft-themed lures in order to steal Office 365 credentials. For instance, one spoofed Microsoft.com [to target 200 million Microsoft Office 365 users](<https://threatpost.com/spearphishing-attack-spoofs-microsoft-office-365/162001/>) in a number of key vertical markets. 
Attackers also shook up their phishing tactics, with one September phishing campaign [using authentication APIs to validate victims\u2019 Office 365 credentials](<https://threatpost.com/office-365-phishing-attack-leverages-real-time-active-directory-validation/159188/>) \u2013 in real time \u2013 as they entered them into the landing page, for example.\n\n### _Microsoft 365 Bugs_\n\n[Flaws were found in Microsoft\u2019s lineup itself as well](<https://threatpost.com/flaws-in-microsoft-365s-mfa-access-cloud-apps/159240/>), with issues in the multi-factor authentication system used by Microsoft\u2019s cloud-based office productivity platform, Microsoft 365, opening the door for hackers to access cloud applications via a bypass of the security system.\n\n## **2\\. Bug Parade 2020**\n\nIn 2020, there was a 65 percent increase in the discovery of high-risk vulnerabilities, according to a year-[capping Bugcrowd study](<https://www.bugcrowd.com/press-release/bugcrowd-study-reveals-65-increase-in-discovery-of-high-risk-vulnerabilities-in-2020-amid-covid-19-pandemic/>). Few companies knew this stat better than overnight-sensation Zoom, which found itself on the receiving end of a number of critical bug notifications.\n\nTopping our list of Zoom\u2019s 2020 bugs, and driving serious interest with Threatpost readers, were two zero-day flaws found in the [macOS version of the Zoom client](<https://threatpost.com/two-zoom-zero-day-flaws-uncovered/154337/>) and disclosed on April Fool\u2019s Day. The flaws, uncovered by Patrick Wardle, principal security researcher with Jamf, allowed a local and unprivileged attacker to gain root privileges on a targeted system and gave them access to the victims\u2019 microphone and camera.\n\n### **_Cisco Systems: A Top CVE Squasher!_**\n\nWhen you are one of the world\u2019s leading information technology and networking companies, you\u2019re going to have some bugs. 
In 2020, Cisco Systems deserves props for its transparency and efficiency when it comes to notifying customers and patching hundreds of vulnerabilities. Let us reminisce. In early December there was the zero-click wormable RCE vulnerability in Cisco Jabber that was patched \u2013 [twice](<https://threatpost.com/critical-cisco-jabber-bug-get-updated-fix/162143/>). From zero-clicks to zero-days, Threatpost readers turned their attention to a nasty, at the time, [unpatched](<https://threatpost.com/cisco-zero-day-anyconnect-secure-patch/160988/>) AnyConnect Secure Mobility Client Software bug. After the bug was patched, Cisco said there were no reports of attacks against the flaw before [it was fixed](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK>).\n\n## **3\\. Gaming Security**\n\nGaming security came more into focus for readers in 2020, possibly as a result of the global COVID-19 pandemic. Thanks to a long few months spent with reduced social outlets, gaming audiences have exploded this year. That\u2019s attracted the attention of cybercriminals \u2013 in a recent [survey](<https://www.kaspersky.com/blog/mums-discuss-gaming-generation-gap/37894/>) by Kaspersky, nearly 61 percent reported suffering foul play such as ID theft, scams or the hack of in-game valuables.\n\nSource: Kaspersky.\n\n### _Among Us Mobile Game Crashes_\n\nOne of Threatpost\u2019s Top 5 most-read stories covered the meteoric rise of the game Among Us, and how it [outpaced its developer\u2019s ability](<https://threatpost.com/among-us-mobile-game-attackers/160555/>) to keep up with malicious actors.\n\nIn October, a specific ongoing attack forced InnerSloth, the company behind the game, to hastily roll out an update designed to kick bad actors off the game\u2019s servers \u2014 likely along with some innocent players as well. 
InnerSloth is run by a three-person team consisting of one developer, one animator and game designer, and one artist.\n\nThe attacks spammed players with ads from a player named Eris Loris, rendering the game useless. The attackers used bots to overwhelm the game with messages promoting a YouTube channel and Discord operated under the name Eris Loris, threatening to \u201cblow up your phone,\u201d and concluding with a \u201cTrump 2020\u201d endorsement.\n\n### _Cyberpunk 2077: Gaming Event of the Year_\n\nGaming security news in general was in demand in 2020. The December release of Cyberpunk 2077, featuring a digitized Keanu Reeves among other things, was supposed to be the gaming event of the year. Instead, the initial release was slammed for poor performance and numerous bugs and glitches that make the user experience less than pleasant \u2013 forcing Sony to pull the game off the PlayStation store.\n\nOn top of that, cybercriminals [waded into the mix](<https://threatpost.com/cyberpunk-2077-headaches-grow-android-spyware/162406/>), spreading ransomware targeting Android devices disguised as a legitimate download of the new open-world game.\n\nThe CoderWare ransomware was being promoted as a download of Cyberpunk 2077 from a fake version of the Google Play mobile app marketplace. The listing for the game, which is named \u201cCyberpunk 2077 Mobile (Beta),\u201d even had reviews from users so as to appear legitimate.\n\n### _NVIDIA Bugs: Fuel to the Fire_\n\nCybercriminals didn\u2019t just target the games themselves in 2020; they also went after bugs in the systems that gamers rely on. Nvidia, which makes gaming-friendly graphics processing units (GPUs), was a particularly hot target throughout the year.\n\nIn October it [disclosed two high-severity flaws](<https://threatpost.com/nvidia-gamers-geforce-experience-flaws/160487/>) in the Windows version of its GeForce Experience software. 
GeForce Experience is a supplemental application to the GeForce GTX graphics card \u2014 it keeps users\u2019 drivers up-to-date, automatically optimizes their game settings and more. GeForce Experience is installed by default on systems running NVIDIA GeForce products, Nvidia\u2019s brand of GPUs.\n\nThe most severe flaw of the two (CVE-2020-5977) can lead to a slew of malicious attacks on affected systems \u2013 including code execution, denial of service, escalation of privileges and information disclosure.\n\nIn June, Nvidia fixed [two high-severity flaws that affected drivers](<https://threatpost.com/nvidia-windows-gamers-graphics-driver-bugs/156911/>) for Windows and Linux users, including ones that use Nvidia\u2019s GeForce, Quadro and Tesla software. And in March, [Nvidia issued patches for high-severity bugs](<https://threatpost.com/gamer-alert-serious-nvidia-flaw-plagues-graphics-driver/153380/>) in its graphics driver, which can be exploited by a local attacker to launch DoS or code-execution attacks, and also affected display drivers used in GeForce (as well as Quadro and Tesla-branded) GPUs for Windows.\n\n### _Scalper-Bots Ruin Christmas_\n\nAnother popular gaming headline this year involved a hotly anticipated release in the gaming world: new consoles from Microsoft and Sony, the Xbox Series X and PlayStation 5, respectively. But an army of bots threatened to drive prices up to as much as three times the retail price, putting the coveted holiday gifts well out of reach of everyday fans.\n\nRetailers were quickly cleared out of Xbox inventory on its release day. There were plenty available on eBay though, with price tags more than double the retail price, several marked at over $1,000. 
The PlayStation 5, also priced at $499.99, saw several pre-order confirmations \u2014 not even actual product \u2014 listed on eBay for around $900.\n\nThe activity sparked the development of the \u201c[Stopping Grinch Bots Act](<https://tonko.house.gov/uploadedfiles/grinch_bots_fact_sheet.pdf>),\u201d introduced in the Senate in December, which would ban bots on all online retail platforms if passed.\n\n## **4\\. Malware Mayhem**\n\nLucifer malware emerged to haunt users\n\nIn our fourth hot-topic area, malware authors throughout the year found new ways to snoop on victims, steal sensitive data and more by creating new strains of malware, and improving on old ones.\n\nOne of these strains, a self-propagating malware found in June, was called Lucifer. [This malware targeted Windows systems](<https://threatpost.com/self-propagating-lucifer-malware-targets-windows-systems/156883/>) with cryptojacking and distributed denial-of-service (DDoS) attacks.\n\nIn addition, cybercriminals also made critical updates or adopted new attack techniques as part of existing, well-known malware families. For instance, in November attackers sent out ads for fake Microsoft Teams updates to deploy backdoors, [which used Cobalt Strike to infect companies\u2019 networks](<https://threatpost.com/microsoft-teams-fakeupdates-malware/161071/>) with malicious code.\n\n### _Emotet\u2019s Evolution Continues_\n\nEmotet, which started as a banking trojan in 2014 and has continually evolved to become a [full-service threat-delivery mechanism](<https://threatpost.com/coronavirus-propagate-emotet/152404/>), continued its run in 2020 as a top threat. 
One of Threatpost\u2019s Top 5 headlines of the year came in February, when [a new Emotet malware sample was uncovered](<https://threatpost.com/emotet-now-hacks-nearby-wi-fi-networks-to-spread-like-a-worm/152725/>) with the ability to spread to insecure Wi-Fi networks located near an infected device. Also in February, researchers warned of an Emotet campaign being spread via SMS messages. The messages pretended to be from banks, and researchers warned the campaign may have ties to the TrickBot trojan.\n\nEmotet continued to be a thorn in defenders\u2019 side over the course of 2020, picking up a series of new tricks. First, Emotet\u2019s attachments started to include password-protected archive files to bypass email security gateways. Soon after, Palo Alto Networks reported to CISA that researchers are now seeing instances of \u201cthread jacking\u201d \u2014 that is, intercepting an existing email chain via an infected host and simply replying with an attachment to deliver the malware to an unsuspecting recipient.\n\nAnd the threat isn\u2019t limited to desktop computers. Steve Banda, senior manager of security solutions at Lookout, told Threatpost Emotet has gone mobile this year, too.\n\nThe activity led the Feds this fall to [issue a warning](<https://threatpost.com/feds-alarm-emotet-attacks-state-local/159954/>) that state and local governments need to fortify their systems against the trojan.\n\n### _Mobile Malware Attacks Surge_\n\nAttackers homed in on mobile as a target for their malware campaigns this past year, too. The Joker malware (a billing fraud family of malware that emerged in 2017) continued to rock the Android ecosystem, with Google in January announcing [it had removed more than 17,000 Android apps](<https://threatpost.com/joker-androids-malware-ramps-volume/151785/>) from its Google Play marketplace. 
In a separate July report, [researchers said that 14.8 percent of Android users](<https://threatpost.com/android-users-undeletable-adware/157189/>) who were targeted with mobile malware or adware last year were left with undeletable files. It\u2019s not just mobile \u2013 browsers were also a top vector for spreading malware in 2020, with researchers finding 500 Google Chrome browser extensions in February [secretly uploading private browsing data to attacker-controlled servers](<https://threatpost.com/500-malicious-chrome-extensions-millions/152918/>), and redirecting victims to malware-laced websites.\n\n## **5\\. The Best of the Rest**\n\n**_Positive Encryption News_**\n\nWhether it be browser support for HTTPS or safer certificate deployment, positive developments around [encryption technology](<https://threatpost.com/category/cryptography/page/3/?page=23>) attracted considerable interest from readers. In March, internet behemoths like Google took an even harder stance against the insecure Hypertext Transfer Protocol (HTTP) [and began warning Chrome browser users when downloads](<https://threatpost.com/google-chrome-to-bar-http-file-downloads/152674/>) from sites lacked the more secure Hypertext Transfer Protocol Secure (HTTPS) protection. [Later in the year](<https://threatpost.com/microsoft-dns-over-https-windows-10/155746/>), browser makers adopted DNS-over-HTTPS (DoH) support \u2013 both a privacy and a security enhancement.\n\n**_2020 Social Media News Wrap_**\n\nSocial platforms such as Facebook, TikTok and WhatsApp also dominated Threatpost virtual foot traffic. A well-worn path to WhatsApp news stories included headlines \u201c[WhatsApp Phone Numbers Pop Up in Google Search Results](<https://threatpost.com/whatsapp-phone-numbers-google-search-results/156141/>)\u201d and \u201c[WhatsApp Bug Allows Malicious Code-Injection](<https://threatpost.com/whatsapp-bug-malicious-code-injection-rce/152578/>)\u201d. 
TikTok being [banned by the United States Army](<https://threatpost.com/tiktok-banned-by-u-s-army-over-china-security-concerns/151480/>) drew interest in January 2020, setting the tone for stories to come such as TikTok owner [ByteDance\u2019s security posture](<https://threatpost.com/tik-tok-ban-security-experts-dangers/159362/>) around the app and the possible sale [or ban of TikTok from U.S. markets](<https://threatpost.com/spyware-labeled-tiktok-pro-exploits-fears-of-us-ban/159050/>) altogether. As for Facebook, readers were hungry for news in November about how a Facebook Messenger bug allowed [spying on Android users](<https://threatpost.com/facebook-messenger-bug-spying-android/161435/>). Facebook\u2019s Messenger client also piqued reader interest in May with a report about Android malware, dubbed WolfRAT, that was being deployed to gather intelligence on victims.\n\n**_Media Beat: Podcasts, Webinars and Video_**\n\nWhen COVID-19 cut Threatpost\u2019s ability to travel to conferences and interview important voices in the security community one-on-one and in person, we adapted. Senior Editor Lindsey O\u2019Donnell Welch produced an impressive library of videos and podcasts in 2020.\n\nAs for videos, one of our most popular segments featured Chris Vickery, the director of risk research with UpGuard, who discussed [how artificial intelligence will drive next-gen breaches](<https://threatpost.com/chris-vickery-ai-will-drive-tomorrows-data-breaches/157595/>). She also caught up with Sherrod DeGrippo, senior director of threat research and detection for Proofpoint, who [discussed cyber vigilantes](<https://threatpost.com/a-cyber-vigilante-is-sabotaging-emotets-return/158023/>).\n\nPodcasts our readers enjoyed the most included \u201c[Malware Risks Triple on WFH Networks: Experts Offer Advice](<https://threatpost.com/malware-risks-triple-for-remote-workers/154735/>)\u201d. 
The second runner-up podcast featured Ryan Olson, vice president of Threat Intelligence for Unit 42 at Palo Alto Networks, and May Wang, senior distinguished engineer at Palo Alto Networks and former Zingbox CTO, each of whom weighed in on IoT device vulnerabilities.\n\nTop Threatpost webinars included \u201c[Taming the Unmanaged and IoT Device Tsunami](<https://threatpost.com/webinars/taming-the-unmanaged-and-iot-device-tsunami/>)\u201d which featured cybersecurity expert Bruce Schneier and Armis CISO Curtis Simpson. A second webinar on healthcare security titled \u201c[2020 Healthcare Cybersecurity Priorities: Data Security, Ransomware and Patching](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/>)\u201d featuring Jeff Horne, CSO at Ordr, and Tony Reina, chief AI architect at Intel, was our second most popular. Intelligence for Unit 42 at Palo Alto Networks titled \u201c[More Than Half of IoT Devices Vulnerable to Severe Attacks](<https://threatpost.com/half-iot-devices-vulnerable-severe-attacks/153609/>)\u201d.\n", "modified": "2020-12-30T13:00:26", "published": "2020-12-30T13:00:26", "id": "THREATPOST:F4009822156F8D07C1E02E34CF4982FA", "href": "https://threatpost.com/top-threatpost-stories-2020/162501/", "type": "threatpost", "title": "Most-Wanted Threatpost Stories of 2020", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T23:42:17", "description": "Nvidia is red-flagging a high-severity flaw in its GeForce NOW application software for Windows. An attacker on a local network can exploit the flaw in order to execute code or gain escalated privileges on affected devices.\n\nGeForce NOW is the brand used by Nvidia for its cloud-based gaming service, which enables real-time gameplay on desktops, laptops, Macs and Android devices. 
[With an estimated user base](<https://gamedaily.biz/article/1850/nvidias-geforce-now-cloud-gaming-service-launches-on-chromebook>) of 4 million, the service is wildly popular in the gaming community.\n\nIn a Tuesday security advisory, Nvidia revealed a flaw in the popular service (CVE\u20112020\u20115992) that has a CVSS score of 7.3.\n\nThe bug stems from an \u201copen-source software dependency\u201d having to do with the OpenSSL library, which is a software library for applications that secure communications over computer networks against eavesdropping or which need to identify the party at the other end.\n\nIn this situation, the OpenSSL library is vulnerable to binary planting attacks, according to [Nvidia in its security advisory](<https://nvidia.custhelp.com/app/answers/detail/a_id/5096>). Binary planting is a type of attack where the attacker \u201cplants\u201d a binary file that contains malicious code inside a (in this case local) file system, in order for a vulnerable application to load and execute it.\n\nAll versions prior to 2.0.25.119 are affected; users are urged to update to version 2.0.25.119.\n\n\u201cTo protect your system, open the GeForce NOW application to automatically download the update and follow the instructions for applying it,\u201d according to Nvidia.\n\nNvidia has recently faced various security issues in its gaming-friendly products. That includes two recent flaws in the Windows version of its [GeForce Experience software](<https://threatpost.com/nvidia-gamers-geforce-experience-flaws/160487/>). 
The most severe flaw of the two (CVE-2020-5977) can lead to a slew of malicious attacks on affected systems \u2013 including code execution, denial of service, escalation of privileges and information disclosure.\n\nIn October, [Nvidia also released a patch](<https://threatpost.com/nvidia-critical-bug-hpc/160762/>) for a critical bug in its high-performance line of DGX servers that could open the door for a remote attacker to take control of and access sensitive data on systems typically operated by governments and Fortune-100 companies.\n\n## **Other Processor Security Issues**\n\nChip manufacturers have deployed a slew of security updates this past week. A massive Intel security update on Tuesday, for instance, [addressed flaws across a myriad of products](<https://threatpost.com/intel-update-critical-privilege-escalation-bugs/161087/>) \u2013 most notably, critical bugs that can be exploited by unauthenticated cybercriminals in order to gain escalated privileges. These critical flaws exist in products related to Wireless Bluetooth \u2013 including various Intel Wi-Fi modules and wireless network adapters \u2013 as well as in its remote out-of-band management tool, Active Management Technology (AMT).\n\nAlso this week, researchers unveiled a new way to steal cryptographic keys from Intel chips through a new side-channel attack, [which they call PLATYPUS.](<https://platypusattack.com>)\n\nThe attack stems from the ability to exploit the Intel Running Average Power Limit (RAPL) interface. RAPL allows monitoring and controlling the power consumption of the CPU and DRAM in software. By launching a side-channel attack against RAPL, researchers were able to not only distinguish different keys, but also reconstruct entire cryptographic keys.\n\nIntel [for its part said that](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html>) the flaws (CVE-2020-8694 and CVE-2020-8695) are medium-severity. 
That\u2019s in part due to the fact that in order to launch an attack, a bad actor would need to have local access to a device, and would need to be authenticated or privileged.\n\nThe chip-maker recommended that users of affected Intel CPUs update to the latest firmware version provided by the system manufacturer (a full list of affected Intel chips and updates [can be found here](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html>)).\n\n\u201cIntel recommends that users of affected Intel Processors install the updates provided by their software vendors,\u201d according to Intel\u2019s advisory. \u201cIn Linux, for the change to be effective it will require a reboot. If a reboot is not possible, Intel recommends changing the permissions of the affected sysfs attributes so that only privileged users can access them.\u201d\n", "cvss3": {}, "published": "2020-11-11T19:03:15", "type": "threatpost", "title": "Nvidia Warns Windows Gamers of GeForce NOW Flaw", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-5977", "CVE-2020-8694", "CVE-2020-8695"], "modified": "2020-11-11T19:03:15", "id": "THREATPOST:91D5C98B376371D3671A448EB5B3A2BF", "href": "https://threatpost.com/nvidia-windows-gamers-geforce-now-flaw/161132/", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-26T18:13:11", "description": "Nvidia, which makes gaming-friendly graphics processing units (GPUs), has issued fixes for two high-severity flaws in the Windows version of its GeForce Experience software.\n\nGeForce Experience is a supplemental application to the GeForce GTX graphics card \u2014 it keeps users\u2019 drivers up-to-date, automatically optimizes their game settings and more. GeForce Experience is installed by default on systems running NVIDIA GeForce products, Nvidia\u2019s brand of GPUs.\n\nThe most severe flaw of the two (CVE-2020-5977) can lead to a slew of malicious attacks on affected systems \u2013 including code execution, denial of service, escalation of privileges and information disclosure. It ranks 8.2 out of 10 on the CVSS scale, making it high severity.\n\nIn a Thursday security advisory, the graphics giant said users can \u201cdownload the updates from the [GeForce Experience Downloads](<https://www.geforce.com/geforce-experience/download>) page or open the client to automatically apply the security update.\u201d\n\nThe flaw specifically stems from the Nvidia Web Helper NodeJS Web Server. 
When users install GeForce Experience, Node.js runs on startup and provides a webserver connection with Nvidia. The issue here is that an uncontrolled search path is used to load a node module, [which occurs when](<https://cwe.mitre.org/data/definitions/427.html>) an application uses fixed search paths to find resources \u2013 but one or more locations on the path are under the control of a malicious user. Attackers can leverage tactics like DLL preloading, binary planting and insecure library loading in order to exploit this vulnerability.\n\nWhile further details regarding this specific flaw are not available from Nvidia, the company did say that attackers can leverage the flaw to execute code, launch a DoS attack, escalate their privileges or view sensitive data. Xavier DANEST with Decathlon was credited with discovering the flaw.\n\nNvidia on Thursday also issued patches for another high-severity flaw in the ShadowPlay component of GeForce Experience (CVE\u20112020\u20115990), which may lead to local privilege escalation, code execution, DoS or information disclosure. Hashim Jawad of ACTIVELabs was credited with discovering the flaw.\n\nVersions of Nvidia GeForce Experience for Windows prior to 3.20.5.70 are affected; users are urged to update to version 3.20.5.70.\n\nNvidia has previously warned of security issues affecting its GeForce brand, including an issue [affecting GeForce Experience in 2019](<https://threatpost.com/nvidia-geforce-experience-bug/143196/>) that could lead to code execution or denial of service of products if exploited.\n\nIn June, Nvidia fixed [two high-severity flaws that affected drivers](<https://threatpost.com/nvidia-windows-gamers-graphics-driver-bugs/156911/>) for Windows and Linux users, including ones that use Nvidia\u2019s GeForce, Quadro and Tesla software. 
And in March, [Nvidia issued patches for high-severity bugs](<https://threatpost.com/gamer-alert-serious-nvidia-flaw-plagues-graphics-driver/153380/>) in its graphics driver, which can be exploited by a local attacker to launch DoS or code-execution attacks, and also affected display drivers used in GeForce (as well as Quadro and Tesla-branded) GPUs for Windows.\n", "cvss3": {}, "published": "2020-10-23T14:09:28", "type": "threatpost", "title": "Nvidia Warns Gamers of Severe GeForce Experience Flaws", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-15157", "CVE-2020-5977", "CVE-2020-5990"], "modified": "2020-10-23T14:09:28", "id": "THREATPOST:939D3A37125502BC9EE7A2E56EB485A7", "href": "https://threatpost.com/nvidia-gamers-geforce-experience-flaws/160487/", "cvss": {"score": 0.0, "vector": "NONE"}}], "nvidia": [{"lastseen": "2022-08-05T18:06:23", "description": "NVIDIA has released a software security update for NVIDIA\u00ae GeForce Experience\u2122 software. This update addresses issues that may lead to denial of service, escalation of privileges, code execution, or information disclosure. To protect your system, download and install this software update from the [GeForce Experience Downloads](<https://www.geforce.com/geforce-experience/download>) page or open the client to automatically apply the security update. >Go to [NVIDIA Product Security.](<https://www.nvidia.com/security/>)\n\n### Details\n\nThis section provides a summary of potential vulnerabilities and their impact that this security update addresses. 
Descriptions use [CWE\u2122](<https://cwe.mitre.org/>), and base scores and vectors use [CVSS v3.1](<https://www.first.org/cvss/v3.1/user-guide>) standards.\n\n**CVE IDs** | **Description** | **Base Score** | **Vector** \n---|---|---|--- \nCVE\u20112020\u20115977 | NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. | 8.2 | [AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H>) \nCVE\u20112020\u20115990 | NVIDIA GeForce Experience contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure. | 7.3 | [AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H>) \nCVE\u20112020\u20115978 | NVIDIA GeForce Experience contains a vulnerability in its services in which a folder is created by `nvcontainer.exe` under normal user login with `LOCAL_SYSTEM` privileges which may lead to a denial of service or escalation of privileges. | 3.2 | [AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L>) \n \nThe NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. 
NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.\n\n### Security Updates\n\nThe following table lists the NVIDIA software products affected, versions affected, and the updated version that includes this security update.\n\nDownload the updates from the [GeForce Experience Downloads](<https://www.geforce.com/geforce-experience/download>) page or open the client to automatically apply the security update.\n\n**CVE IDs Addressed** | **Software Product** | **Operating System** | **Affected Versions** | **Updated Version** \n---|---|---|---|--- \nCVE\u20112020\u20115977 CVE\u20112020\u20115978 CVE\u20112020\u20115990 | GeForce Experience | Windows | All versions prior to 3.20.5.70 | 3.20.5.70 \n \n### Mitigations\n\nSee Security Updates for the version to install.\n\n### Acknowledgements\n\nNVIDIA thanks following individuals for reporting the issues:\n\n * CVE\u20112020\u20115977: Xavier DANEST of Decathlon and Boris Ryutin\n * CVE\u20112020\u20115978: Hashim Jawad of ACTIVELabs\n * CVE\u20112020\u20115990: Hashim Jawad of ACTIVELabs\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-22T00:00:00", "type": "nvidia", "title": "Security Bulletin: NVIDIA GeForce Experience - October 2020", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, 
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5977", "CVE-2020-5978", "CVE-2020-5990"], "modified": "2020-10-28T00:00:00", "id": "NVIDIA:5076", "href": "https://nvidia.custhelp.com/app/answers/detail/a_id/5076", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}]}