Improper Authentication in SHIELD TV - CVE-2019-5679

 

Improper Authentication in SHIELD TV - CVE-2019-5679

Published: August 7, 2019


Vulnerability identifier: #VU19969
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-5679
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: nVidia
Affected software:
SHIELD TV

Detailed vulnerability description

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to the Trusted OS image is improperly authenticated in the Tegra bootloader in nvtboot. A local authenticated attacker can bypass authentication process and gain unauthorized access to the application.

This vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.


How to mitigate CVE-2019-5679

Install updates from vendor's website.

Sources