Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
lenovoLenovoLENOVO:PS500208-NOSID
HistoryDec 13, 2018 - 1:34 p.m.

NVIDIA GeForce Experience Vulnerabilities - Lenovo Support US

2018-12-1313:34:08
support.lenovo.com
45

0.0004 Low

EPSS

Percentile

12.7%

JSON

Lenovo Security Advisory: LEN-24779

Potential Impact: Information disclosure, denial of service, privilege escalation

Severity: High

Scope of Impact: Industry-wide

CVE Identifier: CVE-2018-6257, CVE-2018-6258, CVE-2018-6259, CVE‑2018‑6261, CVE‑2018‑6262

Summary Description:

NVIDIA has released a software update to address potential security vulnerabilities in GeForce Experience. When GameStream is enabled and an unauthorized user gains system access, these issues may lead to limited user information disclosure, denial of service, or escalation of privileges. These vulnerabilities are summarized below.

CVE-2018-6257: NVIDIA GeForce Experience contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both.

CVE-2018-6258: NVIDIA GeForce Experience contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information.

CVE-2018-6259: NVIDIA GeForce Experience contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible.

CVE-2018-6261: NVIDIA GeForce Experience contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access.

CVE-2018-6262: NVIDIA GeForce Experience contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure.

Mitigation Strategy for Customers (what you should do to protect yourself):

NVIDIA recommends updating to the version of NVIDIA GeForce Experience (or later) described for your system in the product impact section. To immediately protect your system, disable the GeForce Experience Share In-game Overlay until the application can be patched.

Product Impact:

Product Impact:

Related

lenovo 1
nvidia 2
cvelist 5
prion 5
nvd 5
cve 5
lenovo
lenovo
NVIDIA GeForce Experience Vulnerabilities - Lenovo Support NL
2018-12-13 13:34:08
nvidia
nvidia
Security Bulletin: NVIDIA GeForce Experience Software Security Updates for Multiple Vulnerabilities When GameStream is Enabled
2018-08-30 00:00:00
Security Bulletin: NVIDIA GeForce Experience - September 2018
2018-09-27 00:00:00
cvelist
cvelist
CVE-2018-6259
2018-08-30 00:00:00
CVE-2018-6261
2018-09-27 00:00:00
CVE-2018-6257
2018-08-30 00:00:00
prion
prion
Improper access control
2018-08-31 20:29:00
Design/Logic Flaw
2018-08-31 20:29:00
Information disclosure
2018-10-02 17:29:00
nvd
nvd
CVE-2018-6257
2018-08-31 20:29:00
CVE-2018-6259
2018-08-31 20:29:00
CVE-2018-6258
2018-08-31 20:29:00
cve
cve
CVE-2018-6259
2018-08-31 20:29:00
CVE-2018-6257
2018-08-31 20:29:00
CVE-2018-6261
2018-10-02 17:29:00

0.0004 Low

EPSS

Percentile

12.7%

JSON
Related for LENOVO:PS500208-NOSID
lenovo1nvidia2cvelist5prion5nvd5cve5