CVE-2019-5678

moderate-risk

Published 2019-05-31

NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure.

Do I need to act?

0.36% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (1)

Geforce Experience

Affected Vendors

Nvidia

References (4)

Patch https://nvidia.custhelp.com/app/answers/detail/a_id/4806

https://support.lenovo.com/us/en/product_security/LEN-27815

Patch https://nvidia.custhelp.com/app/answers/detail/a_id/4806

https://support.lenovo.com/us/en/product_security/LEN-27815

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal