CVE-2021-1073
moderate-risk
Published 2021-06-25
NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user’s account is compromised. This may lead to the targeted user’s data being accessed, altered, or lost.
Do I need to act?
-
0.31% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.3/10
High
NETWORK
/ HIGH complexity
Affected Products (1)
Affected Vendors
References (2)
Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5199
Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5199
31
/ 100
moderate-risk
Severity
25/34 · High
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal