PT-2021-4733 · Nvidia · Nvidia Control Panel+1

Published

2021-07-20

Updated

2021-07-31

CVE-2021-1092

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions NVIDIA GPU Display Driver for Windows (affected versions not specified)

Description The issue is related to a vulnerability in the NVIDIA Control Panel application, which is susceptible to a Windows file system symbolic link attack. This could allow an unprivileged attacker to cause the application to overwrite privileged files, potentially resulting in denial of service or data loss. The vulnerability is also associated with errors in handling hard links, which could enable an attacker to elevate their privileges or cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Link Following

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59CWE-269

Related Identifiers

BDU:2021-05442

CVE-2021-1092

Affected Products

Nvidia Control Panel

Nvidia Gpu Display Driver

PT-2021-4733 · Nvidia · Nvidia Control Panel+1

CVE-2021-1092

Weakness Enumeration

Related Identifiers

Affected Products

References · 7