Vulnerability Name:

CVE-2016-3161 (CCN-117496)

Assigned:2016-08-22
Published:2016-08-22
Updated:2016-12-15
Summary:For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path.

CWE-428: Unquoted Search Path or Element
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2016-3161

Source: CONFIRM
Type: Patch, Vendor Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4213

Source: CCN
Type: NVIDIA Security Bulletin 4213
Multiple vulnerabilities affect Quadro, NVS, and GeForce Windows based systems

Source: BID
Type: UNKNOWN
93251

Source: XF
Type: UNKNOWN
nvidia-cve20163161-priv-esc(117496)

Source: CCN
Type: Lenovo Security Advisory: LEN-9334
Denial of Service Vulnerabilities in NVidia Drivers that affect Quadro, NVS and GeForce Windows-based Systems

Source: CONFIRM
Type: UNKNOWN
https://support.lenovo.com/us/en/product_security/ps500070

Vulnerable Configuration:Configuration 1:
  • cpe:/a:nvidia:geforce_experience:*:*:*:*:*:*:*:* (Version <= -)
  • AND
  • cpe:/h:nvidia:geforce_910m:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:geforce_920m:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:geforce_920mx:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:geforce_930m:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:geforce_930mx:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:geforce_940m:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:geforce_940mx:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:geforce_945m:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:geforce_gtx_965m:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:nvs_310:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:nvs_315:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:nvs_510:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:nvs_810:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:quadro_k420:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:quadro_k620:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:quadro_p5000:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*
  • OR cpe:/h:nvidia:titan_x:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    nvidia geforce experience *
    nvidia geforce 910m -
    nvidia geforce 920m -
    nvidia geforce 920mx -
    nvidia geforce 930m -
    nvidia geforce 930mx -
    nvidia geforce 940m -
    nvidia geforce 940mx -
    nvidia geforce 945m -
    nvidia geforce gt 710 -
    nvidia geforce gt 730 -
    nvidia geforce gtx 1050 -
    nvidia geforce gtx 1060 -
    nvidia geforce gtx 1070 -
    nvidia geforce gtx 1080 -
    nvidia geforce gtx 950m -
    nvidia geforce gtx 960m -
    nvidia geforce gtx 965m -
    nvidia nvs 310 -
    nvidia nvs 315 -
    nvidia nvs 510 -
    nvidia nvs 810 -
    nvidia quadro k1200 -
    nvidia quadro k420 -
    nvidia quadro k620 -
    nvidia quadro m1000m -
    nvidia quadro m2000 -
    nvidia quadro m2000m -
    nvidia quadro m3000m -
    nvidia quadro m4000 -
    nvidia quadro m4000m -
    nvidia quadro m5000 -
    nvidia quadro m5000m -
    nvidia quadro m500m -
    nvidia quadro m5500 -
    nvidia quadro m6000 -
    nvidia quadro m600m -
    nvidia quadro p5000 -
    nvidia quadro p6000 -
    nvidia titan x -