Main Vulnerability Database Vulnerabilities #VU19969

Improper Authentication in SHIELD TV - CVE-2019-5679

Published: August 7, 2019

Vulnerability identifier: #VU19969

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-5679

CWE-ID: CWE-287

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
SHIELD TV

Software vendor:
nVidia

Description

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to the Trusted OS image is improperly authenticated in the Tegra bootloader in nvtboot. A local authenticated attacker can bypass authentication process and gain unauthorized access to the application.

This vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.

Remediation

Install updates from vendor's website.

External links

https://nvidia.custhelp.com/app/answers/detail/a_id/4804

Improper Authentication in SHIELD TV - CVE-2019-5679

Description

Remediation

External links

Please verify you're human