CVE-2019-5681

NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution, denial of service, or information disclosure.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/4804	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

cpe:2.3:a:nvidia:shield_experience:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-08-13 15:15

Updated : 2020-08-24 17:37

NVD link : CVE-2019-5681

Mitre link : CVE-2019-5681

CVE.ORG link : CVE-2019-5681

JSON object : View

Products Affected

nvidia

shield_experience

google

android

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-5681", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-08-13T15:15:11.947", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution, denial of service, or information disclosure."}, {"lang": "es", "value": "NVIDIA Shield TV Experience anterior a v8.0, contiene una vulnerabilidad en la API personalizada de NVIDIA utilizada en el servicio del sistema de montaje donde los datos del usuario podr\u00edan ser anulados, lo que puede conducir a la ejecuci\u00f3n del c\u00f3digo, la denegaci\u00f3n del servicio o la divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:shield_experience:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4913A5E8-2ED7-4AB4-838C-C6981B8FE787", "versionEndExcluding": "8.0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}