PT-2019-17807 · Nvidia · Linux For Tegra+2

Publicado

2019-04-11

Atualizado

2019-04-25

CVE-2019-5672

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions NVIDIA Jetson TX1 and TX2 versions prior to R28.3

Description The issue concerns the Linux for Tegra (L4T) operating system where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootfs generation and flashing. This may lead to information disclosure.

Recommendations For versions prior to R28.3, replace the SSH keys provided in the sample rootfs with unique host keys to prevent potential information disclosure.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-320

Identificadores relacionados

CVE-2019-5672

Produtos afetados

Linux For Tegra

Nvidia Jetson Tx1

Nvidia Jetson Tx2

PT-2019-17807 · Nvidia · Linux For Tegra+2

CVE-2019-5672

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3