fkie_cve-2019-5695
Vulnerability from fkie_nvd
Published
2019-11-12 21:15
Modified
2024-11-21 04:45
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.
References
psirt@nvidia.comhttps://nvidia.custhelp.com/app/answers/detail/a_id/4860Patch, Vendor Advisory
psirt@nvidia.comhttps://nvidia.custhelp.com/app/answers/detail/a_id/4907Patch, Vendor Advisory
psirt@nvidia.comhttps://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://nvidia.custhelp.com/app/answers/detail/a_id/4860Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://nvidia.custhelp.com/app/answers/detail/a_id/4907Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695Exploit, Third Party Advisory
Impacted products
Vendor Product Version
nvidia geforce_experience *
nvidia gpu_driver *
microsoft windows -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3627005A-4CB9-4881-AB6C-F2145AA138DC",
              "versionEndExcluding": "3.20.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18C44215-3940-4A5C-BC6F-0F0E4B7A91DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution."
    },
    {
      "lang": "es",
      "value": "NVIDIA GeForce Experience (versiones anteriores a 3.20.1) y Windows GPU Display Driver (todas las versiones), contienen una vulnerabilidad en el componente del proveedor de servicios local en la que un atacante con sistema local y acceso privilegiado puede cargar incorrectamente las DLL del sistema Windows sin comprobar la ruta o la firma (tambi\u00e9n se conoce como ataque de siembra binaria o de precarga de DLL), lo que puede conllevar a una denegaci\u00f3n de servicio o una divulgaci\u00f3n de informaci\u00f3n por medio de una ejecuci\u00f3n de c\u00f3digo."
    }
  ],
  "id": "CVE-2019-5695",
  "lastModified": "2024-11-21T04:45:21.750",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-12T21:15:12.037",
  "references": [
    {
      "source": "psirt@nvidia.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
    },
    {
      "source": "psirt@nvidia.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
    },
    {
      "source": "psirt@nvidia.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695"
    }
  ],
  "sourceIdentifier": "psirt@nvidia.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.