Nvidia is a pioneer in producing high-end graphics cards for computers. The company’s hit series, GeForce variants are responsible for smoothening the heavy-graphic games and functioning of certain computer activities. These graphic processors, when purchased, comes along with an additional software client named GFE. Previously, a similar vulnerability is found on Dropbox’s update client, exploiting the service for other uses.
The Glitched Software Client
The GeForce Experience (GFE) is Nvidia’s software client that comes along with the GeForce card. This client is installed in the computer when the graphics card is set and helps in optimizing try user’s game, capturing and sharing the best moments of play and more importantly, keeping the drivers up-to-date. So, while it sits in system checking for latest updates, there’s a new vulnerability found in it that’s potential enough to exploit the host’s system. The GFE has previously been affected with similar vulnerabilities in May and November, to which, Nvidia has release patches immediately. And now there’s a new discovery with the same client, tracked as CVE-2019-5702 and can let a hacker gain enough access into the system. This vulnerability needs the hacker to exploit directly, but few tools can help him to attack remotely. While the complexity of attacking being low, it’s still possible to be entered and escalate the privileges.
Risk And Threats
This vulnerability’s severity is rated at 8.4, with maxim exploitation could be launching Denial-of-Service (DDoS) attacks. The affected softwares are of versions 3.20.2 and prior. And the company has released the new update version 3.20.2.34, which can be downloaded from the link below. If not, the user can launch the GFE client for searching updates and download from it. Direct Download link – GeForce version 3.20.2.34 Source: Nvidia GeForce blog