SB2018090310 - Multiple vulnerabilities in NVIDIA GeForce Experience 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018090310

SB2018090310 - Multiple vulnerabilities in NVIDIA GeForce Experience

Published: September 3, 2018

Security Bulletin ID SB2018090310
Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Improper access control (CVE-ID: CVE-2018-6257)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to improper access control when GameStream is enabled. A local attacker can cause the service to crash or gain elevated privileges.

2) Man-in-the-middle attack (CVE-ID: CVE-2018-6258)

The vulnerability allows a local attacker to conduct man-in-the-middle attack on the target system.

The weakness exists due to an error during GameStream installation. A local attacker can conduct MITM-attack and gain access to important data.

3) Information disclosure (CVE-ID: CVE-2018-6259)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error when GameStream is enabled,. A local attacker can gain access to important data.

Remediation

Install update from vendor's website.

References