#VU15339 Information disclosure in NVIDIA App (formerly GeForce Experience) - CVE‑2018‑6262
Published: October 12, 2018
Vulnerability identifier: #VU15339
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE‑2018‑6262
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
NVIDIA App (formerly GeForce Experience)
NVIDIA App (formerly GeForce Experience)
Software vendor:
nVidia
nVidia
Description
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to limited sensitive user information may be available to users with system access when GameStream is enabled. A local attacker can gain access to users credentials.
The weakness exists due to limited sensitive user information may be available to users with system access when GameStream is enabled. A local attacker can gain access to users credentials.
Remediation
Update to version 3.15 or later.