CVE-2019-5699

{"id": "CVE-2019-5699", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-10-09T22:15:10.950", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4875", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4910", "source": "psirt@nvidia.com"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4875", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4910", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges."}, {"lang": "es", "value": "NVIDIA Shield TV Experience versi\u00f3n anterior a v8.0.1, el cargador de arranque de NVIDIA Tegra contiene una vulnerabilidad en la que el software realiza una comprobaci\u00f3n de l\u00edmites incorrecta, lo que puede conllevar a un desbordamiento del b\u00fafer que resulta en una escalada de privilegios y ejecuci\u00f3n de c\u00f3digo, escalada de privilegios y divulgaci\u00f3n de informaci\u00f3n, ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio o escalada de privilegios."}], "lastModified": "2024-11-21T04:45:22.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:shield_experience:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F9EFF27-D43B-4229-AB5A-861525778077", "versionEndExcluding": "8.0.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8DFAAD08-36DA-4C95-8200-C29FE5B6B854"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}