CVE-2021-1073
Last modified
CVE-2021-1073 is a high-severity vulnerability rated 8.3/10 on the CVSS scale. NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user’s account is compromised. EPSS estimates a 0.90% chance of exploitation in the next 30 days.
Description
NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user’s account is compromised. This may lead to the targeted user’s data being accessed, altered, or lost.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Nvidia | Geforce Experience | < 3.23 |
References
- https://nvidia.custhelp.com/app/answers/detail/a_id/5199Vendor Advisory
- https://nvidia.custhelp.com/app/answers/detail/a_id/5199Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-1073?
How severe is CVE-2021-1073?
How do I fix CVE-2021-1073?
Are you affected by CVE-2021-1073?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST