Weak Encryption in NVIDIA Security Engine Affects Data Privacy
CVE-2017-6284

5.5MEDIUM

Key Information:

Vendor: Nvidia
Status: Shield Tv
Vendor: CVE Published:; 6 March 2018

What is CVE-2017-6284?

The NVIDIA Security Engine is exposed to a vulnerability that arises from a flaw in its Deterministic Random Bit Generator (DRBG). This issue occurs when the DRBG fails to adequately initialize and securely handle sensitive data, utilizing a weakened encryption mechanism. As a consequence, sensitive information may be inadequately protected, leading to potential data leakage. The nature of this vulnerability necessitates immediate attention to ensure the integrity and confidentiality of the data processed by the affected systems.

Affected Version(s)

SHIELD TV NA

References

http://nvidia.custhelp.com/app/answers/detail/a_id/4631

x_refsource_CONFIRM

https://nvidia.custhelp.com/app/answers/detail/a_id/4787

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2018
Vulnerability Reserved
Feb 23, 2017

Nvidia

What is CVE-2017-6284?

Affected Version(s)

References

CVSS V3.1

Timeline