Vulnerability-Lookup

CVE-2019-5700 (GCVE-0-2019-5700)

Vulnerability from cvelistv5 – Published: 2019-10-09 21:05 – Updated: 2024-08-04 20:01

Summary

Severity ?

No CVSS data available.

CWE

code execution, denial of service, information disclosure, escalation of privileges

Assigner

nvidia

References

URL

	Vendor	Product	Version
	n/a	NVIDIA SHIELD TV	Affected: SHIELD Experience prior to v8.0.1

GSD-2019-5700

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-5700

Aliases

CVE-2019-5700

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-5700",
    "description": "NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.",
    "id": "GSD-2019-5700"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-5700"
      ],
      "details": "NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.",
      "id": "GSD-2019-5700",
      "modified": "2023-12-13T01:23:56.133641Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@nvidia.com",
        "ID": "CVE-2019-5700",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "NVIDIA SHIELD TV",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "SHIELD Experience prior to v8.0.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "code execution, denial of service, information disclosure, escalation of privileges"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4875",
            "refsource": "CONFIRM",
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4875"
          },
          {
            "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4910",
            "refsource": "CONFIRM",
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4910"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:nvidia:shield_experience:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.0.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@nvidia.com",
          "ID": "CVE-2019-5700"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4875",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4875"
            },
            {
              "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4910",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4910"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-12-05T08:15Z",
      "publishedDate": "2019-10-09T22:15Z"
    }
  }
}

CNVD-2019-34722

Vulnerability from cnvd - Published: 2019-10-12

Title

NVIDIA Shield TV Experience存在未明漏洞

Description

NVIDIA SHIELD TV娱乐主机是英伟达发布的一款客厅娱乐设备。 NVIDIA Shield TV Experience 8.0.1版本中的NVIDIA Tegra软件的 bootloader存在安全漏洞，该漏洞源于程序未能验证引导镜像的字段。攻击者可利用该漏洞执行代码，造成拒绝服务，提升权限及泄露信息。

Severity

高

Patch Name

NVIDIA Shield TV Experience存在未明漏洞的补丁

Patch Description

NVIDIA SHIELD TV娱乐主机是英伟达发布的一款客厅娱乐设备。 NVIDIA Shield TV Experience 8.0.1版本中的NVIDIA Tegra软件的 bootloader存在安全漏洞，该漏洞源于程序未能验证引导镜像的字段。攻击者可利用该漏洞执行代码，造成拒绝服务，提升权限及泄露信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://nvidia.custhelp.com/app/answers/detail/a_id/4875

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-5700

Impacted products

Name
NVIDIA Shield TV Experience 8.0.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-5700"
    }
  },
  "description": "NVIDIA SHIELD TV\u5a31\u4e50\u4e3b\u673a\u662f\u82f1\u4f1f\u8fbe\u53d1\u5e03\u7684\u4e00\u6b3e\u5ba2\u5385\u5a31\u4e50\u8bbe\u5907\u3002\n\nNVIDIA Shield TV Experience 8.0.1\u7248\u672c\u4e2d\u7684NVIDIA Tegra\u8f6f\u4ef6\u7684 bootloader\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u9a8c\u8bc1\u5f15\u5bfc\u955c\u50cf\u7684\u5b57\u6bb5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff0c\u63d0\u5347\u6743\u9650\u53ca\u6cc4\u9732\u4fe1\u606f\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/4875",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-34722",
  "openTime": "2019-10-12",
  "patchDescription": "NVIDIA SHIELD TV\u5a31\u4e50\u4e3b\u673a\u662f\u82f1\u4f1f\u8fbe\u53d1\u5e03\u7684\u4e00\u6b3e\u5ba2\u5385\u5a31\u4e50\u8bbe\u5907\u3002\r\n\r\nNVIDIA Shield TV Experience 8.0.1\u7248\u672c\u4e2d\u7684NVIDIA Tegra\u8f6f\u4ef6\u7684 bootloader\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u9a8c\u8bc1\u5f15\u5bfc\u955c\u50cf\u7684\u5b57\u6bb5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff0c\u63d0\u5347\u6743\u9650\u53ca\u6cc4\u9732\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NVIDIA Shield TV Experience\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "NVIDIA Shield TV Experience 8.0.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-5700",
  "serverity": "\u9ad8",
  "submitTime": "2019-10-11",
  "title": "NVIDIA Shield TV Experience\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

VAR-201910-0296

Vulnerability from variot - Updated: 2024-11-23 22:41

NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. NVIDIA SHIELD TV entertainment console is a living room entertainment device released by NVIDIA. Attackers can use this vulnerability to execute code, cause denial of service, elevate permissions, and leak information

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0296",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "shield experience",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "nvidia",
        "version": "8.0.1"
      },
      {
        "model": "shield tv experience",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nvidia",
        "version": "8.0.1"
      },
      {
        "model": "shield experience",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nvidia",
        "version": "6.3"
      },
      {
        "model": "shield experience",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nvidia",
        "version": "8.0"
      },
      {
        "model": "shield experience",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nvidia",
        "version": "6.2"
      },
      {
        "model": "shield experience",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nvidia",
        "version": "7.0"
      },
      {
        "model": "shield experience",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nvidia",
        "version": "6.0"
      },
      {
        "model": "shield experience",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nvidia",
        "version": "7.2"
      },
      {
        "model": "shield experience",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nvidia",
        "version": "6.1"
      },
      {
        "model": "shield experience",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nvidia",
        "version": "7.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "google",
        "version": "9.0"
      },
      {
        "model": "shield experience",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nvidia",
        "version": "7.2.3"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-34722"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010608"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-641"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5700"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:nvidia:shield_experience",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010608"
      }
    ]
  },
  "cve": "CVE-2019-5700",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-5700",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2019-34722",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-5700",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-5700",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-5700",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-5700",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-34722",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201910-641",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-5700",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-34722"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5700"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010608"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-641"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5700"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. NVIDIA SHIELD TV entertainment console is a living room entertainment device released by NVIDIA. Attackers can use this vulnerability to execute code, cause denial of service, elevate permissions, and leak information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-5700"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010608"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-34722"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5700"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-5700",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010608",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-34722",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-641",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5700",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-34722"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5700"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010608"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-641"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5700"
      }
    ]
  },
  "id": "VAR-201910-0296",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-34722"
      }
    ],
    "trust": 1.1625
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-34722"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:41:19.857000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Answer ID 4875",
        "trust": 0.8,
        "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4875"
      },
      {
        "title": "Patch for Unknown vulnerability in NVIDIA Shield TV Experience",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/184467"
      },
      {
        "title": "NVIDIA Shield TV Experience Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99275"
      },
      {
        "title": "CVE-2019-5700",
        "trust": 0.1,
        "url": "https://github.com/oscardagrach/CVE-2019-5700 "
      },
      {
        "title": "PoC",
        "trust": 0.1,
        "url": "https://github.com/Jonathan-Elias/PoC "
      },
      {
        "title": "CVE-POC",
        "trust": 0.1,
        "url": "https://github.com/0xT11/CVE-POC "
      },
      {
        "title": "PoC-in-GitHub",
        "trust": 0.1,
        "url": "https://github.com/developer3000S/PoC-in-GitHub "
      },
      {
        "title": "PoC-in-GitHub",
        "trust": 0.1,
        "url": "https://github.com/nomi-sec/PoC-in-GitHub "
      },
      {
        "title": "PoC-in-GitHub",
        "trust": 0.1,
        "url": "https://github.com/hectorgie/PoC-in-GitHub "
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/gamers-high-severity-intel-nvidia-flaws/149034/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-34722"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5700"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010608"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-641"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010608"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5700"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5700"
      },
      {
        "trust": 1.7,
        "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4875"
      },
      {
        "trust": 1.7,
        "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4910"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5700"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/oscardagrach/cve-2019-5700"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-34722"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5700"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010608"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-641"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5700"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-34722"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-5700"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010608"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-641"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5700"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-34722"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-5700"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-010608"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-641"
      },
      {
        "date": "2019-10-09T22:15:11.030000",
        "db": "NVD",
        "id": "CVE-2019-5700"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-34722"
      },
      {
        "date": "2019-12-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-5700"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-010608"
      },
      {
        "date": "2019-12-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-641"
      },
      {
        "date": "2024-11-21T04:45:22.280000",
        "db": "NVD",
        "id": "CVE-2019-5700"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-641"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NVIDIA Shield TV Experience Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010608"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-641"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2019-5700

Vulnerability from fkie_nvd - Published: 2019-10-09 22:15 - Updated: 2024-11-21 04:45

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@nvidia.com	https://nvidia.custhelp.com/app/answers/detail/a_id/4875	Vendor Advisory
psirt@nvidia.com	https://nvidia.custhelp.com/app/answers/detail/a_id/4910
af854a3a-2127-422b-91ae-364da2661108	https://nvidia.custhelp.com/app/answers/detail/a_id/4875	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://nvidia.custhelp.com/app/answers/detail/a_id/4910

Impacted products

	Vendor	Product	Version
	nvidia	shield_experience	*
	google	android	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nvidia:shield_experience:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9EFF27-D43B-4229-AB5A-861525778077",
              "versionEndExcluding": "8.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DFAAD08-36DA-4C95-8200-C29FE5B6B854",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure."
    },
    {
      "lang": "es",
      "value": "NVIDIA Shield TV Experience versiones anteriores a v8.0.1, el software NVIDIA Tegra contiene una vulnerabilidad en el cargador de arranque, donde no comprueba los campos de la imagen de arranque, lo que puede conllevar a la ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio, escalada de privilegios y divulgaci\u00f3n de informaci\u00f3n."
    }
  ],
  "id": "CVE-2019-5700",
  "lastModified": "2024-11-21T04:45:22.280",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-09T22:15:11.030",
  "references": [
    {
      "source": "psirt@nvidia.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4875"
    },
    {
      "source": "psirt@nvidia.com",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4875"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4910"
    }
  ],
  "sourceIdentifier": "psirt@nvidia.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-2RJ6-JJXR-V6WR

Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2022-05-24 16:58

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-5700"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-09T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.",
  "id": "GHSA-2rj6-jjxr-v6wr",
  "modified": "2022-05-24T16:58:36Z",
  "published": "2022-05-24T16:58:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5700"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4875"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4910"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-5700 (GCVE-0-2019-5700)

GSD-2019-5700

CNVD-2019-34722

VAR-201910-0296

FKIE_CVE-2019-5700

GHSA-2RJ6-JJXR-V6WR

Tags

Sightings

Nomenclature