CVE-2021-1073 Information

Description

NVIDIA GeForce Experience all versions prior to 3.23 contains a vulnerability in the login flow when a user tries to log in by using a browser while at the same time any other web page is loaded in other tabs of the same browser. In this situation the web page can get access to the token of the user login session leading to the possibility that the user’s account is compromised. This may lead to the targeted user’s data being accessed altered or lost.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Reference

https://nvidia.custhelp.com/app/answers/detail/a_id/5199

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.3