Vulnerability CVE-2019-5672


Published: 2019-04-11

Description:
NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure.

Type:

CWE-320

(Key Management Errors)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None
Affected software
Nvidia -> Jetson tx1 
Nvidia -> Jetson tx2 

 References:
https://nvidia.custhelp.com/app/answers/detail/a_id/4787

Copyright 2022, cxsecurity.com

 

Back to Top