Vulnerability Description:
The OpenSSL library included in the GameStream components of GeForce Experience prior to 2.1.1 and SHIELD Hub prior to 3.2.18713345 is subject to the recently disclosed OpenSSL SSL/TLS MITM vulnerability (CVE-2014-0224). As a result, an attacker who successfully exploited this vulnerability could potentially steal confidential GameStream session data, including the user password, as well as modify session data.
Exploit Scope and Risk:
To take advantage of this vulnerability, an attacker would need to execute a Man-In-The-Middle (MITM) attack. Such attacks are possible on wireless networks. NVIDIA is not aware of the existence of any actual exploits that leverage this vulnerability in our GameStream client.
Common Vulnerability Scoring System (CVSS) Scoring:
CVSS Base Score - 4.3
Exploitability Subscore - 3.2
Access Vector: Adjacent Network
Access Complexity: High
Authentication: None
Impact Subscore - 6.4
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
CVSS Temporal Score - 3.5
Exploitability: Unproven that Exploit Exists
Remediation Level: Workaround
Report Confidence: Confirmed
CVSS Environmental Score - [determined by user]
Vulnerable Configurations:
This issue affects all Windows GameStream server computers with NVIDIA GeForce Experience prior to 2.1.1 software installed. It also affects SHIELD GameStream client devices with SHIELD Hub prior to 3.2.18713345 software installed.
To determine whether your current Windows GeForce Experience software is vulnerable, do the following:
1. Launch the GeForce Experience client from the Start menu
2. Click the Preferences tab, and examine the version number listed
To determine whether your current SHIELD software is vulnerable, do the following:
1. Launch the NVIDIA SHIELD Hub app
2. Tap Settings
3. Tap About under the 3 dots in the upper-right corner and examine the version number listed
Vulnerability Discovery:
NVIDIA discovered this vulnerability internally during an assessment of products affected by the OpenSSL 05-June-2014 security advisories.
Fix:
NVIDIA has fixed this issue via an NVIDIA GeForce Experience update. To eliminate this vulnerability, we strongly recommend that end users update their systems to NVIDIA GeForce Experience version 2.1.1 or later as follows:
1. Launch the GeForce Experience client from the Start menu
2. Click the Preferences tab and select Updates in the left navigation pane
3. Click Check Now and follow the subsequent instructions
SHIELD Portable or SHIELD Tablet: To eliminate this vulnerability, we strongly recommend that end users update their systems to SHIELD Hub version 3.2.18713345 or later as follows:
If SHIELD Hub is not installed on your SHIELD Portable or SHIELD Tablet:
1. Go back to Home and tap the All Apps button (circle with six dots) at the center of the Favorites Tray
2. Launch Settings
3. Tap About SHIELD or About tablet
4. Tap System updates and follow the subsequent instructions
If SHIELD Hub is installed on your SHIELD Portable or SHIELD Tablet:
1. Launch the Play Store app
2. Tap the shopping bag with triangle icon at the top left
3. Tap My apps
4. Tap NVIDIA SHIELD Hub
5. Tap UPDATE and follow the subsequent instructions
Mitigations:
· Stopping and disabling the Windows NVIDIA GameStream service eliminates this vulnerability, at the cost of reduced functionality. To do so:
1. Right-click Computer and select Manage to bring up the Computer Management console
2. Select Services and Applications and double-click Services to display the list of installed services
3. Right-click the NVIDIA Streamer Service to display its properties
4. Click Stop to stop the service, and change the Startup Type pop-up menu to Disabled
5. Click Apply and then OK to save changes, then quit the Computer Management console
This can also be done from a Windows command prompt as follows:
1. Right-click Start->Accessories->Command Prompt and select Run as Administrator.
2. Execute the following commands:
sc stop NvStreamSvc
sc config NvStreamSvc start= disabled
· Avoiding using GameStream on public WiFi networks will reduce the risk of being exploited through this vulnerability.
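The service mitigation above (stopping and disabling NvStreamSvc) can also be applied and then verified from an elevated PowerShell session. This is an added example, not part of NVIDIA's advisory; only the service name NvStreamSvc comes from the advisory, and the function name and messages are illustrative.

```powershell
# Added example: apply and verify the NvStreamSvc mitigation.
# Run from an elevated (Run as Administrator) PowerShell session.
$name = 'NvStreamSvc'   # service name as given in the advisory

function Get-StreamerState {
    # Win32_Service reports both the run state and the configured start mode.
    Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" |
        Select-Object Name, State, StartMode
}

$svc = Get-StreamerState
if (-not $svc) {
    Write-Output "$name is not installed; nothing to mitigate on this host."
    return
}
Write-Output "Before: State=$($svc.State) StartMode=$($svc.StartMode)"

# Equivalent of: sc stop NvStreamSvc
if ($svc.State -ne 'Stopped') {
    Stop-Service -Name $name -Force -ErrorAction Stop
}

# Equivalent of: sc config NvStreamSvc start= disabled
if ($svc.StartMode -ne 'Disabled') {
    Set-Service -Name $name -StartupType Disabled -ErrorAction Stop
}

# Re-read the service so the result reflects what Windows now has configured.
$svc = Get-StreamerState
Write-Output "After:  State=$($svc.State) StartMode=$($svc.StartMode)"

if ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled') {
    Write-Output 'Mitigation in place: service is stopped and cannot start at boot.'
} else {
    Write-Warning 'Service is still running or can still start; re-check from an elevated session.'
}
```

In Windows PowerShell, sc is an alias for Set-Content, so the two sc commands listed above must be typed as sc.exe if they are run there instead of in Command Prompt.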