Sign-up

ID

VAR-201910-0295


CVE

CVE-2019-5699


TITLE

NVIDIA Shield TV Experience Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-010613 // CNNVD: CNNVD-201910-638

DESCRIPTION

NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges. NVIDIA SHIELD TV entertainment console is a living room entertainment device released by NVIDIA. This vulnerability originates from incorrect boundary checks performed by programs

Trust: 2.16

sources: NVD: CVE-2019-5699 // JVNDB: JVNDB-2019-010613 // CNVD: CNVD-2019-36994

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-36994

AFFECTED PRODUCTS

vendor:nvidiamodel:shield experiencescope:ltversion:8.0.1

Trust: 1.8

vendor:nvidiamodel:shield tv experiencescope:ltversion:8.0.1

Trust: 0.6

vendor:nvidiamodel:shield experiencescope:eqversion:6.3

Trust: 0.6

vendor:nvidiamodel:shield experiencescope:eqversion:8.0

Trust: 0.6

vendor:nvidiamodel:shield experiencescope:eqversion:6.2

Trust: 0.6

vendor:nvidiamodel:shield experiencescope:eqversion:7.0

Trust: 0.6

vendor:nvidiamodel:shield experiencescope:eqversion:6.0

Trust: 0.6

vendor:nvidiamodel:shield experiencescope:eqversion:7.2

Trust: 0.6

vendor:nvidiamodel:shield experiencescope:eqversion:6.1

Trust: 0.6

vendor:nvidiamodel:shield experiencescope:eqversion:7.1

Trust: 0.6

vendor:googlemodel:androidscope:eqversion:9.0

Trust: 0.6

vendor:nvidiamodel:shield experiencescope:eqversion:7.2.3

Trust: 0.6

sources: CNVD: CNVD-2019-36994 // JVNDB: JVNDB-2019-010613 // CNNVD: CNNVD-201910-638 // NVD: CVE-2019-5699

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5699
value: HIGH

Trust: 1.0

NVD: CVE-2019-5699
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-36994
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201910-638
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-5699
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-36994
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5699
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-5699
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-36994 // JVNDB: JVNDB-2019-010613 // CNNVD: CNNVD-201910-638 // NVD: CVE-2019-5699

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2019-010613 // NVD: CVE-2019-5699

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-638

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201910-638

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010613

PATCH
title:Answer ID 4875url:https://nvidia.custhelp.com/app/answers/detail/a_id/4875
Trust: 0.8
title:Patch for NVIDIA Shield TV Experience Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/186907
Trust: 0.6
title:NVIDIA Shield TV Experience Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99273
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-36994 // 
            
            
            
            JVNDB: JVNDB-2019-010613 // 
            
            
            
            CNNVD: CNNVD-201910-638

EXTERNAL IDS
db:NVDid:CVE-2019-5699
Trust: 3.0
db:JVNDBid:JVNDB-2019-010613
Trust: 0.8
db:CNVDid:CNVD-2019-36994
Trust: 0.6
db:CNNVDid:CNNVD-201910-638
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-36994 // 
            
            
            
            JVNDB: JVNDB-2019-010613 // 
            
            
            
            CNNVD: CNNVD-201910-638 // 
            
            
            
            NVD: CVE-2019-5699

REFERENCES
url:https://nvidia.custhelp.com/app/answers/detail/a_id/4875
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2019-5699
Trust: 2.0
url:https://nvidia.custhelp.com/app/answers/detail/a_id/4910
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5699
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-36994 // 
            
            
            
            JVNDB: JVNDB-2019-010613 // 
            
            
            
            CNNVD: CNNVD-201910-638 // 
            
            
            
            NVD: CVE-2019-5699

SOURCES
db:CNVDid:CNVD-2019-36994
db:JVNDBid:JVNDB-2019-010613
db:CNNVDid:CNNVD-201910-638
db:NVDid:CVE-2019-5699

LAST UPDATE DATE
2024-11-23T21:51:57.286000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-36994date:2019-10-24T00:00:00
db:JVNDBid:JVNDB-2019-010613date:2019-10-17T00:00:00
db:CNNVDid:CNNVD-201910-638date:2019-12-06T00:00:00
db:NVDid:CVE-2019-5699date:2024-11-21T04:45:22.170

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-36994date:2019-10-24T00:00:00
db:JVNDBid:JVNDB-2019-010613date:2019-10-17T00:00:00
db:CNNVDid:CNNVD-201910-638date:2019-10-09T00:00:00
db:NVDid:CVE-2019-5699date:2019-10-09T22:15:10.950