CVE-2019-5672

CWE-3203 documents3 sources
Severity
9.1CRITICAL
EPSS
0.3%
top 48.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Nvidia Jetson TX1Nvidia Jetson TX2Nvidia Jetson TX1 AND TX2
Timeline
PublishedApr 11
Latest updateMay 14

Description

NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

NVDnvidia/jetson_tx1< r28.3
NVDnvidia/jetson_tx2< r28.3
CVEListV5nvidia/jetson_tx1_and_tx2All versions prior to version R28.3

🔴Vulnerability Details

2
GHSA
GHSA-rchx-wqgr-v8cg: NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R282022-05-14
CVEList
CVE-2019-5672: NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R282019-04-11
CVE-2019-5672 (CRITICAL CVSS 9.1) | NVIDIA Jetson TX1 and TX2 contain a | cvebase.io