CVE-2016-8827

Опубликовано: 16 дек. 2016

Источник: nvd

CVSS3: 6.5

CVSS2: 5

EPSS Низкий

Описание

NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.

Ссылки

http://nvidia.custhelp.com/app/answers/detail/a_id/4279
Vendor Advisory
http://www.securityfocus.com/bid/94964
Third Party Advisory
VDB Entry
https://nvidia.custhelp.com/app/answers/detail/a_id/5033
Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5155
Not Applicable
http://nvidia.custhelp.com/app/answers/detail/a_id/4279
Vendor Advisory
http://www.securityfocus.com/bid/94964
Third Party Advisory
VDB Entry
https://nvidia.custhelp.com/app/answers/detail/a_id/5033
Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5155
Not Applicable

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*

Версия от 3.0 (включая) до 3.1.0.52 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05952

Низкий

6.5 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-xmcx-3xp5-5g3c