Sign-up

ID

VAR-201908-0094


CVE

CVE-2019-5679


TITLE

NVIDIA Shield TV Experience Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-007528

DESCRIPTION

NVIDIA Shield TV Experience prior to v8.0, NVIDIA Tegra bootloader contains a vulnerability in nvtboot where the Trusted OS image is improperly authenticated, which may lead to code execution, denial of service, escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges. The NVIDIA SHIELD TV entertainment console is a living room entertainment device released by NVIDIA

Trust: 2.16

sources: NVD: CVE-2019-5679 // JVNDB: JVNDB-2019-007528 // CNVD: CNVD-2019-28488

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-28488

AFFECTED PRODUCTS

vendor:nvidiamodel:shield experiencescope:ltversion:8.0

Trust: 1.8

vendor:nvidiamodel:shield tv experiencescope:ltversion:8.0

Trust: 0.6

sources: CNVD: CNVD-2019-28488 // JVNDB: JVNDB-2019-007528 // NVD: CVE-2019-5679

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5679
value: HIGH

Trust: 1.0

NVD: CVE-2019-5679
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-28488
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201908-443
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-5679
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-28488
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5679
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-28488 // JVNDB: JVNDB-2019-007528 // CNNVD: CNNVD-201908-443 // NVD: CVE-2019-5679

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2019-007528 // NVD: CVE-2019-5679

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-443

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201908-443

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-007528

PATCH
title:Security Bulletin: NVIDIA SHIELD TV - August 2019url:https://nvidia.custhelp.com/app/answers/detail/a_id/4804
Trust: 0.8
title:Patch for NVIDIA Shield TV Experience Permissions and Access Control Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/176623
Trust: 0.6
title:NVIDIA Shield TV Experience Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96180
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-28488 // 
            
            
            
            JVNDB: JVNDB-2019-007528 // 
            
            
            
            CNNVD: CNNVD-201908-443

EXTERNAL IDS
db:NVDid:CVE-2019-5679
Trust: 3.0
db:JVNDBid:JVNDB-2019-007528
Trust: 0.8
db:CNVDid:CNVD-2019-28488
Trust: 0.6
db:CNNVDid:CNNVD-201908-443
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-28488 // 
            
            
            
            JVNDB: JVNDB-2019-007528 // 
            
            
            
            CNNVD: CNNVD-201908-443 // 
            
            
            
            NVD: CVE-2019-5679

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-5679
Trust: 2.0
url:https://nvidia.custhelp.com/app/answers/detail/a_id/4804
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5679
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-28488 // 
            
            
            
            JVNDB: JVNDB-2019-007528 // 
            
            
            
            CNNVD: CNNVD-201908-443 // 
            
            
            
            NVD: CVE-2019-5679

SOURCES
db:CNVDid:CNVD-2019-28488
db:JVNDBid:JVNDB-2019-007528
db:CNNVDid:CNNVD-201908-443
db:NVDid:CVE-2019-5679

LAST UPDATE DATE
2024-11-23T22:06:06.925000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-28488date:2019-08-22T00:00:00
db:JVNDBid:JVNDB-2019-007528date:2019-08-14T00:00:00
db:CNNVDid:CNNVD-201908-443date:2020-08-25T00:00:00
db:NVDid:CVE-2019-5679date:2024-11-21T04:45:20.007

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-28488date:2019-08-22T00:00:00
db:JVNDBid:JVNDB-2019-007528date:2019-08-14T00:00:00
db:CNNVDid:CNNVD-201908-443date:2019-08-06T00:00:00
db:NVDid:CVE-2019-5679date:2019-08-06T20:15:12.190