ACTIVE-2019-011: NVIDIA GeForce Experience Local Privilege Escalation
Vulnerability Type:
Privilege Escalation
Vendors:
NVIDIA Corporation
CVE ID:
CVE-2019-5701
Affected Products:
- GeForce Experience version 3.20.0.118 and older
Summary:
GeForce Experience version 3.20.0.118 and older suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM.
Mitigation:
The vendor has released a patch in version 3.20.1.57 addressing this vulnerability.
Credit:
This vulnerability was found by Hashim Jawad of ACTIVELabs.
References:
- https://nvidia.custhelp.com/app/answers/detail/a_id/4860
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5701
- https://nvd.nist.gov/vuln/detail/CVE-2019-5701
Disclosure Timeline:
- 09-03-19: ACTIVELabs sent vulnerability details to NVIDIA PSIRT
- 09-04-19: NVIDIA PSIRT acknowledge report and opened a case
- 09-11-19: ACTIVELabs requested status update
- 09-11-19: NVIDIA PSIRT responded that the product team is still working to reproduce the issue
- 09-13-19: NVIDIA PSIRT requested additional information
- 09-13-19: ACTIVELabs sent requested information
- 09-19-19: ACTIVELabs sent supplementary vulnerability details to NVIDIA PSIRT
- 09-23-19: ACTIVELabs requested status update
- 09-23-19: NVIDIA PSIRT was able to reproduce the issue and patch is scheduled for release by the end of October
- 10-28-19: ACTIVELabs requested an update and provided copy of draft blog post which will be published after patch release
- 10-28-19: NVIDIA PSIRT responded with details about release dates and requested blog post for review
- 10-28-19: ACTIVELabs sent blog post draft
- 11-04-19: Patch released
- 11-06-19: NVIDIA security bulletin published
- 11-06-19: CVE-2019-5701 assigned
- 11-07-19: ACTIVELabs publishes this advisory