Sign-up

ID

VAR-201908-0096


CVE

CVE-2019-5682


TITLE

NVIDIA Shield TV Experience Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007529

DESCRIPTION

NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the NVIDIA Games App where it improperly exports an Activity but does not properly restrict which applications can launch the Activity, which may lead to code execution or denial of service. The NVIDIA SHIELD TV entertainment console is a living room entertainment device released by NVIDIA. There is a security hole in the NVIDIA Shield TV Experience. An attacker could exploit the vulnerability to execute code or cause a denial of service

Trust: 2.25

sources: NVD: CVE-2019-5682 // JVNDB: JVNDB-2019-007529 // CNVD: CNVD-2019-28489 // VULMON: CVE-2019-5682

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-28489

AFFECTED PRODUCTS

vendor:nvidiamodel:shield experiencescope:ltversion:8.0

Trust: 1.8

vendor:nvidiamodel:shield tv experiencescope:ltversion:8.0

Trust: 0.6

sources: CNVD: CNVD-2019-28489 // JVNDB: JVNDB-2019-007529 // NVD: CVE-2019-5682

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5682
value: HIGH

Trust: 1.0

NVD: CVE-2019-5682
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-28489
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201908-444
value: HIGH

Trust: 0.6

VULMON: CVE-2019-5682
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-5682
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-28489
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5682
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-28489 // VULMON: CVE-2019-5682 // JVNDB: JVNDB-2019-007529 // CNNVD: CNNVD-201908-444 // NVD: CVE-2019-5682

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.8

sources: JVNDB: JVNDB-2019-007529 // NVD: CVE-2019-5682

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-444

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201908-444

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-007529

PATCH
title:Security Bulletin: NVIDIA SHIELD TV - August 2019url:https://nvidia.custhelp.com/app/answers/detail/a_id/4804
Trust: 0.8
title:NVIDIA Shield TV Experience has an unexplained patchurl:https://www.cnvd.org.cn/patchInfo/show/176621
Trust: 0.6
title:NVIDIA Shield TV Experience Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96181
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-28489 // 
            
            
            
            JVNDB: JVNDB-2019-007529 // 
            
            
            
            CNNVD: CNNVD-201908-444

EXTERNAL IDS
db:NVDid:CVE-2019-5682
Trust: 3.1
db:JVNDBid:JVNDB-2019-007529
Trust: 0.8
db:CNVDid:CNVD-2019-28489
Trust: 0.6
db:CNNVDid:CNNVD-201908-444
Trust: 0.6
db:VULMONid:CVE-2019-5682
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-28489 // 
            
            
            
            VULMON: CVE-2019-5682 // 
            
            
            
            JVNDB: JVNDB-2019-007529 // 
            
            
            
            CNNVD: CNNVD-201908-444 // 
            
            
            
            NVD: CVE-2019-5682

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-5682
Trust: 2.0
url:https://nvidia.custhelp.com/app/answers/detail/a_id/4804
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5682
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-28489 // 
            
            
            
            VULMON: CVE-2019-5682 // 
            
            
            
            JVNDB: JVNDB-2019-007529 // 
            
            
            
            CNNVD: CNNVD-201908-444 // 
            
            
            
            NVD: CVE-2019-5682

SOURCES
db:CNVDid:CNVD-2019-28489
db:VULMONid:CVE-2019-5682
db:JVNDBid:JVNDB-2019-007529
db:CNNVDid:CNNVD-201908-444
db:NVDid:CVE-2019-5682

LAST UPDATE DATE
2024-11-23T22:51:42.321000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-28489date:2019-08-22T00:00:00
db:VULMONid:CVE-2019-5682date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-007529date:2019-08-14T00:00:00
db:CNNVDid:CNNVD-201908-444date:2020-08-25T00:00:00
db:NVDid:CVE-2019-5682date:2024-11-21T04:45:20.357

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-28489date:2019-08-22T00:00:00
db:VULMONid:CVE-2019-5682date:2019-08-06T00:00:00
db:JVNDBid:JVNDB-2019-007529date:2019-08-14T00:00:00
db:CNNVDid:CNNVD-201908-444date:2019-08-06T00:00:00
db:NVDid:CVE-2019-5682date:2019-08-06T20:15:12.360