CVE-2019-5672 - NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on

CVE-2019-5672

Summary

NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure.

References

https://nvidia.custhelp.com/app/answers/detail/a_id/4787

Vulnerable Configurations

cpe:2.3:a:nvidia:jetson_tx1:r21:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:jetson_tx1:r21:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:jetson_tx1:r24:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:jetson_tx1:r24:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:jetson_tx2:r28.1:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:jetson_tx2:r28.1:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:jetson_tx2:r28.2.1:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:jetson_tx2:r28.2.1:*:*:*:*:*:*:*

CVSS

Base:	6.4 (as of 25-04-2019 - 12:44)
Impact:
Exploitability:

CWE

CWE-320

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:N

refmap via4

confirm

https://nvidia.custhelp.com/app/answers/detail/a_id/4787

Last major update

25-04-2019 - 12:44

Published

11-04-2019 - 17:29

Last modified

25-04-2019 - 12:44