Sign-up

ID

VAR-201805-0894


CVE

CVE-2018-6242


TITLE

BootROM Recovery Mode Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004964

DESCRIPTION

Some NVIDIA Tegra mobile processors released prior to 2016 contain a buffer overflow vulnerability in BootROM Recovery Mode (RCM). An attacker with physical access to the device's USB and the ability to force the device to reboot into RCM could exploit the vulnerability to execute unverified code. BootROM Recovery Mode (RCM) Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NVIDIA Tegramobileprocessors is a central processing unit from NVIDIA. BootROMRecoveryMode (RCM) is one of the engineering mode components that can modify the data

Trust: 2.25

sources: NVD: CVE-2018-6242 // JVNDB: JVNDB-2018-004964 // CNVD: CNVD-2018-10171 // VULMON: CVE-2018-6242

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-10171

AFFECTED PRODUCTS

vendor:nvidiamodel:tegra bootrom rcmscope:eqversion: -

Trust: 1.6

vendor:nvidiamodel:tegra recovery modescope: - version: -

Trust: 0.8

vendor:nvidiamodel:tegra mobile processorsscope:ltversion:2016

Trust: 0.6

sources: CNVD: CNVD-2018-10171 // JVNDB: JVNDB-2018-004964 // CNNVD: CNNVD-201805-001 // NVD: CVE-2018-6242

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-6242
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-6242
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-10171
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201805-001
value: HIGH

Trust: 0.6

VULMON: CVE-2018-6242
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-6242
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-10171
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-6242
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-10171 // VULMON: CVE-2018-6242 // JVNDB: JVNDB-2018-004964 // CNNVD: CNNVD-201805-001 // NVD: CVE-2018-6242

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2018-004964 // NVD: CVE-2018-6242

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201805-001

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201805-001

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004964

PATCH
title:Answer ID 4660url:http://nvidia.custhelp.com/app/answers/detail/a_id/4660
Trust: 0.8
title:Cisco: NVIDIA TX1 Boot ROM Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180620-nvidia-tx1-rom
Trust: 0.1
title:Kinesys-Nintendo-CVE-2018-6242url:https://github.com/Kinesys/Kinesys-Nintendo-CVE-2018-6242 
Trust: 0.1
title:fusee-launcherurl:https://github.com/Qyriad/fusee-launcher 
Trust: 0.1
title:awesome-switchurl:https://github.com/perillamint/awesome-switch 
Trust: 0.1
title:switch-fuseeurl:https://github.com/erdzan12/switch-fusee 
Trust: 0.1
title:rcm-modchipsurl:https://github.com/reswitched/rcm-modchips 
Trust: 0.1
title:de-switchurl:https://github.com/Geoselenic/de-switch 
Trust: 0.1
title:fusee-launcherurl:https://github.com/Cease-and-DeSwitch/fusee-launcher 
Trust: 0.1
title:nxbooturl:https://github.com/mologie/nxboot 
Trust: 0.1
title:fusee_wrapperurl:https://github.com/LyfeOnEdge/fusee_wrapper 
Trust: 0.1
title:fushourl:https://github.com/switchjs/fusho 
Trust: 0.1
title:DavidBuchanan314url:https://github.com/DavidBuchanan314/DavidBuchanan314 
Trust: 0.1
title:usb-device-securityurl:https://github.com/parallelbeings/usb-device-security 
Trust: 0.1
title:android-securityurl:https://github.com/alphaSeclab/android-security 
Trust: 0.1
title:PoC-in-GitHuburl:https://github.com/developer3000S/PoC-in-GitHub 
Trust: 0.1
title:CVE-POCurl:https://github.com/0xT11/CVE-POC 
Trust: 0.1
title:PoC-in-GitHuburl:https://github.com/hectorgie/PoC-in-GitHub 
Trust: 0.1
title:PoC-in-GitHuburl:https://github.com/nomi-sec/PoC-in-GitHub 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-6242 // 
            
            
            
            JVNDB: JVNDB-2018-004964

EXTERNAL IDS
db:NVDid:CVE-2018-6242
Trust: 3.1
db:JVNDBid:JVNDB-2018-004964
Trust: 0.8
db:CNVDid:CNVD-2018-10171
Trust: 0.6
db:CNNVDid:CNNVD-201805-001
Trust: 0.6
db:VULMONid:CVE-2018-6242
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-10171 // 
            
            
            
            VULMON: CVE-2018-6242 // 
            
            
            
            JVNDB: JVNDB-2018-004964 // 
            
            
            
            CNNVD: CNNVD-201805-001 // 
            
            
            
            NVD: CVE-2018-6242

REFERENCES
url:http://nvidia.custhelp.com/app/answers/detail/a_id/4660
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-6242
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6242
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://github.com/kinesys/kinesys-nintendo-cve-2018-6242
Trust: 0.1
url:https://github.com/qyriad/fusee-launcher
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180620-nvidia-tx1-rom
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-10171 // 
            
            
            
            VULMON: CVE-2018-6242 // 
            
            
            
            JVNDB: JVNDB-2018-004964 // 
            
            
            
            CNNVD: CNNVD-201805-001 // 
            
            
            
            NVD: CVE-2018-6242

SOURCES
db:CNVDid:CNVD-2018-10171
db:VULMONid:CVE-2018-6242
db:JVNDBid:JVNDB-2018-004964
db:CNNVDid:CNNVD-201805-001
db:NVDid:CVE-2018-6242

LAST UPDATE DATE
2024-11-23T23:05:06.744000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-10171date:2018-05-23T00:00:00
db:VULMONid:CVE-2018-6242date:2018-06-13T00:00:00
db:JVNDBid:JVNDB-2018-004964date:2018-07-02T00:00:00
db:CNNVDid:CNNVD-201805-001date:2018-05-02T00:00:00
db:NVDid:CVE-2018-6242date:2024-11-21T04:10:22.050

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-10171date:2018-05-23T00:00:00
db:VULMONid:CVE-2018-6242date:2018-05-01T00:00:00
db:JVNDBid:JVNDB-2018-004964date:2018-07-02T00:00:00
db:CNNVDid:CNNVD-201805-001date:2018-05-02T00:00:00
db:NVDid:CVE-2018-6242date:2018-05-01T20:29:00.280