Vulnerability Description
NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user’s account is compromised. This may lead to the targeted user’s data being accessed, altered, or lost.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nvidia | Geforce Experience | < 3.23 |
| Microsoft | Windows | - |
References
- https://nvidia.custhelp.com/app/answers/detail/a_id/5199Vendor Advisory
- https://nvidia.custhelp.com/app/answers/detail/a_id/5199Vendor Advisory
FAQ
What is CVE-2021-1073?
CVE-2021-1073 is a vulnerability with a CVSS score of 8.3 (HIGH). NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded ...
How severe is CVE-2021-1073?
CVE-2021-1073 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-1073?
Check the references section above for vendor advisories and patch information. Affected products include: Nvidia Geforce Experience, Microsoft Windows.