Main Vulnerability Database Vulnerabilities #VU19970

Improper access control in SHIELD TV - CVE-2019-5682

Published: August 7, 2019

Vulnerability identifier: #VU19970

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-5682

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: nVidia

Affected software:
SHIELD TV

Detailed vulnerability description

The vulnerability allows a local attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to improper access restrictions in the Games App where it improperly exports an Activity but does not properly restrict which applications can launch the Activity. A local authenticated attacker can gain unauthorized access to the application.

This vulnerability may lead to code execution or denial of service.

How to mitigate CVE-2019-5682

Install updates from vendor's website.

Sources

https://nvidia.custhelp.com/app/answers/detail/a_id/4804

Improper access control in SHIELD TV - CVE-2019-5682

Detailed vulnerability description

How to mitigate CVE-2019-5682

Sources

Please verify you're human