CVE-2020-5962 - Vulnerability Details - OpenCVE

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nvidia	Geforce Geforce Firmware Nvs Nvs Firmware Quadro Quadro Firmware Tesla Tesla Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:nvidia:quadro_firmware::::::::
	cpe:2.3:o:nvidia:quadro_firmware::::::::
	cpe:2.3:o:nvidia:quadro_firmware::::::::
	cpe:2.3:o:nvidia:quadro_firmware::::::::

cpe:2.3:h:nvidia:quadro:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:nvidia:geforce_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nvidia:geforce:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:nvidia:tesla_firmware::::::::
	cpe:2.3:o:nvidia:tesla_firmware::::::::

cpe:2.3:h:nvidia:tesla:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:o:nvidia:nvs_firmware::::::::
	cpe:2.3:o:nvidia:nvs_firmware::::::::
	cpe:2.3:o:nvidia:nvs_firmware::::::::
	cpe:2.3:o:nvidia:nvs_firmware::::::::

cpe:2.3:h:nvidia:nvs:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://nvidia.custhelp.com/app/answers/detail/a_id/5031

History

No history.

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2020-06-24T20:10:11

Updated: 2024-08-04T08:47:40.933Z

Reserved: 2020-01-07T00:00:00

Link: CVE-2020-5962

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-06-24T20:15:10.407

Modified: 2024-11-21T05:34:54.647

Link: CVE-2020-5962

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges."}], "problemTypes": [{"descriptions": [{"description": "denial of service or escalation of privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-06-24T20:10:11", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5031"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2020-5962", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NVIDIA GPU Display Driver", "version": {"version_data": [{"version_value": "All"}]}}]}, "vendor_name": "NVIDIA"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "denial of service or escalation of privileges"}]}]}, "references": {"reference_data": [{"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5031", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5031"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:47:40.933Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5031"}]}]}, "cveMetadata": {"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2020-5962", "datePublished": "2020-06-24T20:10:11", "dateReserved": "2020-01-07T00:00:00", "dateUpdated": "2024-08-04T08:47:40.933Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F3BB4C3-E77E-4841-A436-E9033FEE5011", "versionEndExcluding": "392.61", "versionStartIncluding": "390", "vulnerable": true}, {"criteria": "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "021A11A4-23AE-4C5F-A3F0-357481BC1C91", "versionEndExcluding": "426.78", "versionStartIncluding": "418", "vulnerable": true}, {"criteria": "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9195AEC-3EB3-4991-947B-E68817B8902A", "versionEndExcluding": "443.18", "versionStartIncluding": "440", "vulnerable": true}, {"criteria": "cpe:2.3:o:nvidia:quadro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCA19971-9415-4D00-9090-21788E753CEE", "versionEndExcluding": "451.48", "versionStartIncluding": "450", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "B56258A7-E289-426E-B8D1-309CCB54E893", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:geforce_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8472A4C6-922C-44F5-AF22-1BD3F45E70CA", "versionEndExcluding": "451.48", "versionStartIncluding": "450", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B30520A-D378-4CC8-812D-3B443740D6E3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:tesla_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C11F4D2B-A251-4D15-9902-9E2AB23C58D5", "versionEndExcluding": "426.78", "versionStartIncluding": "418", "vulnerable": true}, {"criteria": "cpe:2.3:o:nvidia:tesla_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA8EEDE5-CF37-4CC3-B556-EA329027CC4C", "versionEndExcluding": "443.18", "versionStartIncluding": "440", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "75C6DE26-88F2-428E-B761-754BD027E015", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nvidia:nvs_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E71ACEF-7A5B-4C77-81A5-539BB4D86E47", "versionEndExcluding": "392.61", "versionStartIncluding": "390", "vulnerable": true}, {"criteria": "cpe:2.3:o:nvidia:nvs_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A611598-0D67-49A8-B6A5-87EE823E2619", "versionEndExcluding": "426.78", "versionStartIncluding": "418", "vulnerable": true}, {"criteria": "cpe:2.3:o:nvidia:nvs_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "01F0E734-BA49-4119-998C-142860430AB4", "versionEndExcluding": "443.18", "versionStartIncluding": "440", "vulnerable": true}, {"criteria": "cpe:2.3:o:nvidia:nvs_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "40537521-3B8D-4B2D-94D5-B79C219D7BF6", "versionEndExcluding": "451.48", "versionStartIncluding": "450", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "C60D8825-B4F5-47DC-ACC3-137D6FC5F12F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges."}, {"lang": "es", "value": "NVIDIA Windows GPU Display Driver, todas las versiones, contiene una vulnerabilidad en el componente NVIDIA Control Panel, en el que un atacante con acceso al sistema local puede da\u00f1ar un archivo de sistema, que puede conllevar a una denegaci\u00f3n de servicio o una escalada de privilegios"}], "id": "CVE-2020-5962", "lastModified": "2024-11-21T05:34:54.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-24T20:15:10.407", "references": [{"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5031"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5031"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}