How severe is CVE-2022-42291?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2022-42291?

This is classified as CWE-1386, which is a common weakness in software security.

CVE-2022-42291 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.

Related Vulnerabilities

CVE-2023-32470

MEDIUM

CVSS:5.5(Medium)

Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to c...

CWE-13862023

CVE-2023-32474

MEDIUM

CVSS:6.6(Medium)

Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during ...

CWE-13862023

CVE-2024-36340

MEDIUM

CVSS:6.6(Medium)

A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure.

CWE-13862024

CVE-2023-23698

HIGH

CVSS:7.1(High)

Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potential...

CWE-13862023

CVE-2023-28071

HIGH

CVSS:7.1(High)

Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could poten...

CWE-13862023

CVE-2023-32454

HIGH

CVSS:7.1(High)

DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary ...

CWE-13862023