Vulnerability Details : CVE-2022-42291
NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.
Products affected by CVE-2022-42291
- cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-42291
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 12 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-42291
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
1.8
|
3.6
|
NIST | |
|
8.2
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H |
1.8
|
5.8
|
NVIDIA Corporation |
CWE ids for CVE-2022-42291
-
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.Assigned by: nvd@nist.gov (Primary)
-
The product opens a file or directory, but it does not properly prevent the name from being associated with a junction or mount point to a destination that is outside of the intended control sphere.Assigned by: psirt@nvidia.com (Secondary)
References for CVE-2022-42291
-
https://nvidia.custhelp.com/app/answers/detail/a_id/5384
Security Bulletin: NVIDIA GeForce Experience - January 2023 | NVIDIAVendor Advisory
Jump to