SB2019080640 - Improper Authentication in nVidia SHIELD TV
Published: August 6, 2019 Updated: August 7, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper Authentication (CVE-ID: CVE-2019-5679)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to bypass authentication process.
The vulnerability exists due to the Trusted OS image is improperly authenticated in the Tegra bootloader in nvtboot. A local authenticated attacker can bypass authentication process and gain unauthorized access to the application.
This vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.
Remediation
Install update from vendor's website.