CVE-2017-6284

EPSS 0.01%
Published 06.03.2018 16:29:00
Last modified 21.11.2024 03:29:27
Source psirt@nvidia.com
Teams watchlist Login
Open Login

NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure.This issue is rated as moderate.

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Nvidia ≫ Shield Tv Firmware Version <= 6.2

Nvidia ≫ Shield Tv Version-

Google ≫ Android Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.003

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://nvidia.custhelp.com/app/answers/detail/a_id/4787

http://nvidia.custhelp.com/app/answers/detail/a_id/4631

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-6284

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-6284

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-6284

EUVD