Security Bulletin: NVIDIA GeForce NOW - November 2020

ID: NVIDIA:5096
Published: 2020-11-10
Source: nvidia.custhelp.com

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 4.4 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 29.2%

NVIDIA has released a software update for NVIDIA® GeForce NOW™ application software on Windows. This update addresses a security issue that may lead to code execution or escalation of privileges. To protect your system, open the GeForce NOW application to automatically download the update and follow the instructions for applying it. Alternatively, this update can be installed manually by following these instructions. Go to NVIDIA Product Security.

Details

This section summarizes the potential impact that this security update addresses. Descriptions use CWE™, and base scores and vectors use CVSS V3.1 standards.

| CVE IDs | Description | Base Score | Vector |
|---|---|---|---|
| CVE‑2020‑5992 | NVIDIA GeForce NOW application software on Windows contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or escalation of privileges. | 7.3 | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.

Security Updates

The following table lists the NVIDIA software products affected, versions affected, and the updated version that includes this security update.

To protect your system, open the GeForce NOW application to automatically download the security update and follow the instructions for applying it. Alternatively, this update can be installed manually by following these instructions.

| CVE ID Addressed | Software Product | Operating System | Affected Versions | Updated Version |
|---|---|---|---|---|
| CVE‑2020‑5992 | GeForce NOW Application | Windows | All versions prior to 2.0.25.119 | 2.0.25.119 |

Mitigations

None. See Security Updates for the version to install.

Acknowledgements

NVIDIA thanks the following individual for reporting the issue:

  • CVE‑2020‑5992: Hou JingYi (@hjy79425575) of Qihoo 360 CERT

CPE

| Name | Operator | Version |
|---|---|---|
| geforce now application | lt | 2.0.25.119 |
