Data Tampering Risk in NVIDIA GeForce Experience Installer
CVE-2022-42291

8.2HIGH

Key Information:

Vendor: Nvidia
Status: Geforce Experience
Vendor: CVE Published:; 7 February 2023

Summary

NVIDIA GeForce Experience has a vulnerability in its installer that could allow users to unintentionally delete data from a connected location during the installation process. This vulnerability arises when users run the installer from a compromised directory. While an attacker does not have direct control over the exploitation, awareness of the installation source is crucial to prevent unintended data loss.

Affected Version(s)

GeForce Experience Windows All versions prior to 3.27.0.112

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5384

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 7, 2023
Vulnerability Reserved
Oct 3, 2022