CVE-2019-5689 : NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a

NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure.

Published 2019-11-09 02:15:12

Updated 2020-08-24 17:37:01

Source NVIDIA Corporation

View at NVD, CVE.org

Vulnerability category: Denial of serviceInformation leak

Exploit prediction scoring system (EPSS) score for CVE-2019-5689

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2019-5689

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2019-5689

https://nvidia.custhelp.com/app/answers/detail/a_id/4860

Security Bulletin: NVIDIA GeForce Experience - November 2019 | NVIDIA
Patch;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2019-5689

Nvidia » Geforce Experience
Versions before (<) 3.20.1
cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2019-5689

Exploit prediction scoring system (EPSS) score for CVE-2019-5689

CVSS scores for CVE-2019-5689

References for CVE-2019-5689

Products affected by CVE-2019-5689