Information disclosure in NVIDIA App (formerly GeForce Experience) - CVE‑2018‑6262
Published: October 12, 2018
Vulnerability identifier: #VU15339
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE‑2018‑6262
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: nVidia
Affected software:
NVIDIA App (formerly GeForce Experience)
NVIDIA App (formerly GeForce Experience)
Detailed vulnerability description
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to limited sensitive user information may be available to users with system access when GameStream is enabled. A local attacker can gain access to users credentials.
The weakness exists due to limited sensitive user information may be available to users with system access when GameStream is enabled. A local attacker can gain access to users credentials.
How to mitigate CVE‑2018‑6262
Update to version 3.15 or later.