Η NVIDIA corrected a vulnerability in Windows NVIDIA GeForce Experience (GFE) software which could allow attackers to execute code, to perform denial of service (DoS) attacks or gain access with increased privileges to uninformed systems.
Vulnerability has been named CVE - 2020‑5964 and requires local access (local user access) on the vulnerable device. The attackers could not use this vulnerability remote. However, it can be abused with the help of malicious tools distributed to systems with NVIDIA GFE vulnerable versions.
NVIDIA GeForce Experience (GFE) is a software for them GeForce GTX, RTX, TITAN X and other NVIDIA GeForce graphics cardsn and can be installed in computers running Windows 7 or later.
"It updates your drivers, automatically optimizes your game settings and gives you an easy way to share your best gaming moments with friends," says NVIDIA.
Vulnerability is considered moderate in terms of severity. After successfully exploiting it, attackers can execute code on computers Windows running non-updated versions of NVIDIA GFE software.
The vulnerability CVE - 2020‑5964 of GeForce Experience, which corrected by update security of July 2020, is described in detail in the table below.
|CVE ID||Description||Base Score||Vector|
|CVE ‑ 2020‑5964||NVIDIA GeForce Experience software contains a vulnerability in the service host component, in which the integrity check of application resources may be missed. Such an attack may lead to code execution, denial of service, or information disclosure.||6.5||AV: L / AC: L / PR: H / UI: R / S: U / C: H / I: H / A:H|
NVIDIA says users with vulnerable versions of NVIDIA GeForce Experience (GFE) software should consult a security professional to evaluate risk for their systems.
Which versions of the NVIDIA GeForce Experience are vulnerable?
The security issue affects Windows computers running versions of the NVIDIA GeForce Experience (GFE) before 3.20.4.
"Previous software branch versions that support this product are also affected", NVIDIA explained. Therefore, the new version must be updated immediately.
For information on their systems, NVIDIA GeForce Experience (GFE) users can go to the page GeForce Experience Downloads or start it GFE client to Windows their computers to receive the update using it built-in auto-update mechanism.