Lucene search

[email protected]CVE-2019-5672

HistoryApr 11, 2019 - 5:29 p.m.

CVE-2019-5672

2019-04-1117:29:00

CWE-320

[email protected]

web.nvd.nist.gov

nvidia

jetson

tx1

tx2

vulnerability

linux

tegra

l4t

r28.3

ssh

information disclosure

cve-2019-5672

nvd

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

8.5 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

53.4%

JSON

NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure.

CPENameOperatorVersion
nvidia:jetson_tx2nvidia jetson tx2ltr28.3
nvidia:jetson_tx1nvidia jetson tx1ltr28.3

CPE	Name	Operator	Version
nvidia:jetson_tx2	nvidia jetson tx2	lt	r28.3
nvidia:jetson_tx1	nvidia jetson tx1	lt	r28.3

References

nvidia.custhelp.com/app/answers/detail/a_id/4787

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

8.5 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

53.4%

JSON

Related for CVE-2019-5672

prion1 nvidia1