Lucene search

[email protected]NVD:CVE-2020-5977

HistoryOct 23, 2020 - 6:15 p.m.

CVE-2020-5977

2020-10-2318:15:16

CWE-426

[email protected]

web.nvd.nist.gov

nvidia geforce experience

web helper nodejs

code execution

denial of service

privilege escalation

information disclosure

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

29.4%

JSON

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.

Affected configurations

Nvd

Node

nvidiageforce_experienceRange<3.20.5.70

VendorProductVersionCPE
nvidiageforce_experience*cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nvidia	geforce_experience	*	cpe:2.3:a:nvidia:geforce_experience::::::::

References

nvidia.custhelp.com/app/answers/detail/a_id/5076

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

29.4%

JSON

Related for NVD:CVE-2020-5977

prion1 cvelist1 cve1 threatpost3 nvidia1