Details of VAR-201908-0095

ID

VAR-201908-0095

CVE

CVE-2019-5681

TITLE

NVIDIA Shield TV Experience Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007808

DESCRIPTION

NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution, denial of service, or information disclosure. NVIDIA SHIELD TV is a game console device from NVIDIA. NVIDIA Shield TV has a security hole

Trust: 2.16

sources: NVD: CVE-2019-5681 // JVNDB: JVNDB-2019-007808 // CNVD: CNVD-2019-28490

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-28490

AFFECTED PRODUCTS

vendor:	nvidia	model:	shield experience	scope:	lt	version:	8.0	Trust: 1.8
vendor:	nvidia	model:	shield tv experience	scope:	lt	version:	8.0	Trust: 0.6

sources: CNVD: CNVD-2019-28490 // JVNDB: JVNDB-2019-007808 // NVD: CVE-2019-5681

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5681
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-5681
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-28490
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201908-467
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-5681
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-28490
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-5681
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-28490 // JVNDB: JVNDB-2019-007808 // CNNVD: CNNVD-201908-467 // NVD: CVE-2019-5681

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.8

sources: JVNDB: JVNDB-2019-007808 // NVD: CVE-2019-5681

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-467

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201908-467

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007808

PATCH

title:	Answer ID 4804	url:	https://nvidia.custhelp.com/app/answers/detail/a_id/4804	Trust: 0.8
title:	NVIDIA Shield TV has an unexplained patch	url:	https://www.cnvd.org.cn/patchInfo/show/176617	Trust: 0.6
title:	NVIDIA Shield TV Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96191	Trust: 0.6

sources: CNVD: CNVD-2019-28490 // JVNDB: JVNDB-2019-007808 // CNNVD: CNNVD-201908-467

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5681	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-007808	Trust: 0.8
db:	CNVD	id:	CNVD-2019-28490	Trust: 0.6
db:	CNNVD	id:	CNNVD-201908-467	Trust: 0.6

sources: CNVD: CNVD-2019-28490 // JVNDB: JVNDB-2019-007808 // CNNVD: CNNVD-201908-467 // NVD: CVE-2019-5681

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-5681	Trust: 2.0
url:	https://nvidia.custhelp.com/app/answers/detail/a_id/4804	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5681	Trust: 0.8

sources: CNVD: CNVD-2019-28490 // JVNDB: JVNDB-2019-007808 // CNNVD: CNNVD-201908-467 // NVD: CVE-2019-5681

SOURCES

db:	CNVD	id:	CNVD-2019-28490
db:	JVNDB	id:	JVNDB-2019-007808
db:	CNNVD	id:	CNNVD-201908-467
db:	NVD	id:	CVE-2019-5681

LAST UPDATE DATE

2024-11-23T22:29:59.218000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-28490	date:	2019-08-22T00:00:00
db:	JVNDB	id:	JVNDB-2019-007808	date:	2019-08-21T00:00:00
db:	CNNVD	id:	CNNVD-201908-467	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-5681	date:	2024-11-21T04:45:20.247

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-28490	date:	2019-08-22T00:00:00
db:	JVNDB	id:	JVNDB-2019-007808	date:	2019-08-21T00:00:00
db:	CNNVD	id:	CNNVD-201908-467	date:	2019-08-05T00:00:00
db:	NVD	id:	CVE-2019-5681	date:	2019-08-13T15:15:11.947