CVE-2019-5672
First published: Thu Apr 11 2019(Updated: )
NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure.
Credit: psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NVIDIA Jetson TX1 | <r28.3 | |
| NVIDIA Jetson TX2 | <r28.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this NVIDIA Jetson TX1 and TX2 vulnerability?
The vulnerability ID for this NVIDIA Jetson TX1 and TX2 vulnerability is CVE-2019-5672.
What is the severity level of CVE-2019-5672?
The severity level of CVE-2019-5672 is critical with a severity value of 9.1.
What is affected by CVE-2019-5672?
NVIDIA Jetson TX1 and TX2 running Linux for Tegra (L4T) operating system versions prior to R28.3 are affected by CVE-2019-5672.
How does CVE-2019-5672 affect NVIDIA Jetson TX1 and TX2?
CVE-2019-5672 in NVIDIA Jetson TX1 and TX2 allows unauthorized access to the system through SSH due to the use of insecure default SSH keys.
How can I mitigate the vulnerability described in CVE-2019-5672?
To mitigate CVE-2019-5672, NVIDIA recommends generating and using unique SSH host keys on NVIDIA Jetson TX1 and TX2 devices.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/nvidia
- canonical/nvidia jetson tx1
- canonical/nvidia jetson tx2