Sign-up

ID

VAR-201803-1356


CVE

CVE-2017-6284


TITLE

NVIDIA Security Engine Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-012850

DESCRIPTION

NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure.This issue is rated as moderate. NVIDIA Security Engine Contains information disclosure vulnerabilities and cryptographic strength vulnerabilities.Information may be obtained. NVIDIASHIELDTV is a game console device from NVIDIA. SecurityEngine is one of the security engines. DeterministicRandomBitGenerator (DRBG) is one of the deterministic random bit generators. A security vulnerability exists in SecurityEngine's DRBG in NVIDIASHIELDTVSE 6.2 and earlier. An attacker could exploit this vulnerability to obtain sensitive information

Trust: 2.25

sources: NVD: CVE-2017-6284 // JVNDB: JVNDB-2017-012850 // CNVD: CNVD-2018-05984 // VULHUB: VHN-114487

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-05984

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:eqversion: -

Trust: 1.6

vendor:nvidiamodel:shield tvscope:lteversion:6.2

Trust: 1.0

vendor:googlemodel:androidscope: - version: -

Trust: 0.8

vendor:nvidiamodel:shield tvscope: - version: -

Trust: 0.8

vendor:nvidiamodel:security enginescope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-05984 // JVNDB: JVNDB-2017-012850 // CNNVD: CNNVD-201803-177 // NVD: CVE-2017-6284

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6284
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6284
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-05984
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-177
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114487
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-6284
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-05984
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114487
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6284
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-05984 // VULHUB: VHN-114487 // JVNDB: JVNDB-2017-012850 // CNNVD: CNNVD-201803-177 // NVD: CVE-2017-6284

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-326

Trust: 1.9

sources: VULHUB: VHN-114487 // JVNDB: JVNDB-2017-012850 // NVD: CVE-2017-6284

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201803-177

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201803-177

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012850

PATCH
title:トップページurl:https://www.android.com/intl/ja_jp/phones/
Trust: 0.8
title:Answer ID 4631url:http://nvidia.custhelp.com/app/answers/detail/a_id/4631
Trust: 0.8
title:NVIDIASHIELDTVSecurityEngineDeterministicRandomBitGenerator Information Disclosure Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/122739
Trust: 0.6
title:NVIDIA SHIELD TV Security Engine Deterministic Random Bit Generator Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78938
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-05984 // 
            
            
            
            JVNDB: JVNDB-2017-012850 // 
            
            
            
            CNNVD: CNNVD-201803-177

EXTERNAL IDS
db:NVDid:CVE-2017-6284
Trust: 3.1
db:JVNDBid:JVNDB-2017-012850
Trust: 0.8
db:CNNVDid:CNNVD-201803-177
Trust: 0.7
db:CNVDid:CNVD-2018-05984
Trust: 0.6
db:VULHUBid:VHN-114487
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-05984 // 
            
            
            
            VULHUB: VHN-114487 // 
            
            
            
            JVNDB: JVNDB-2017-012850 // 
            
            
            
            CNNVD: CNNVD-201803-177 // 
            
            
            
            NVD: CVE-2017-6284

REFERENCES
url:http://nvidia.custhelp.com/app/answers/detail/a_id/4631
Trust: 2.3
url:https://nvidia.custhelp.com/app/answers/detail/a_id/4787
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6284
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6284
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-05984 // 
            
            
            
            VULHUB: VHN-114487 // 
            
            
            
            JVNDB: JVNDB-2017-012850 // 
            
            
            
            CNNVD: CNNVD-201803-177 // 
            
            
            
            NVD: CVE-2017-6284

SOURCES
db:CNVDid:CNVD-2018-05984
db:VULHUBid:VHN-114487
db:JVNDBid:JVNDB-2017-012850
db:CNNVDid:CNNVD-201803-177
db:NVDid:CVE-2017-6284

LAST UPDATE DATE
2024-11-23T22:48:45.869000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-05984date:2018-03-22T00:00:00
db:VULHUBid:VHN-114487date:2019-04-02T00:00:00
db:JVNDBid:JVNDB-2017-012850date:2018-04-24T00:00:00
db:CNNVDid:CNNVD-201803-177date:2019-04-03T00:00:00
db:NVDid:CVE-2017-6284date:2024-11-21T03:29:27.493

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-05984date:2018-03-22T00:00:00
db:VULHUBid:VHN-114487date:2018-03-06T00:00:00
db:JVNDBid:JVNDB-2017-012850date:2018-04-24T00:00:00
db:CNNVDid:CNNVD-201803-177date:2018-03-07T00:00:00
db:NVDid:CVE-2017-6284date:2018-03-06T16:29:00.387