cve-2021-34393
Vulnerability from cvelistv5
Published
2021-06-22 21:25
Modified
2024-08-04 00:12
Severity ?
4.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Summary
Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.
References
psirt@nvidia.comhttps://nvidia.custhelp.com/app/answers/detail/a_id/5205Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://nvidia.custhelp.com/app/answers/detail/a_id/5205Vendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:12:50.021Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All Jetson Linux versions prior to r32.5.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-22T21:25:27",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@nvidia.com",
          "ID": "CVE-2021-34393",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All Jetson Linux versions prior to r32.5.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "NVIDIA"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205",
              "refsource": "CONFIRM",
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5205"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2021-34393",
    "datePublished": "2021-06-22T21:25:27",
    "dateReserved": "2021-06-09T00:00:00",
    "dateUpdated": "2024-08-04T00:12:50.021Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"32.5.1\", \"matchCriteriaId\": \"E8941F71-0292-414E-AEA5-DD55EA3C2009\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0E081CB-B6EC-42DC-BA04-BCA13C17D190\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F92D471-8E65-41FC-A5DE-255136F6F989\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E29459F7-997A-4B87-9164-6E3B5158ADC3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86D1FDAD-C594-43D9-9BF6-F7461177AB91\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE9D4A55-A232-4AF2-B7E9-CD58D7D17479\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nvidia:jetson_tx2_4gb:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71994F94-5279-4107-99F5-48990AE0C686\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64C3FB58-08AA-4FE4-97BE-21B254BA229F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nvidia:jetson_tx2i:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DF55ABB-1B4F-452E-9D84-C01A638F88A0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:developer_kit:*:*:*:*:*\", \"matchCriteriaId\": \"3E54B955-F0E2-44BD-9B8C-3C788BBCF2A9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:production:*:*:*:*:*\", \"matchCriteriaId\": \"3E0C93C3-26F6-48E4-BADA-4DB05A7BA9D1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.\"}, {\"lang\": \"es\", \"value\": \"Trusty contiene una vulnerabilidad en TSEC TA que deserializa los mensajes entrantes incluso aunque el TSEC TA no exponga ning\\u00fan comando. Esta vulnerabilidad podr\\u00eda permitir a un atacante explotar el deserializador para impactar en la ejecuci\\u00f3n de c\\u00f3digo, causando divulgaci\\u00f3n de informaci\\u00f3n\"}]",
      "id": "CVE-2021-34393",
      "lastModified": "2024-11-21T06:10:18.307",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@nvidia.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 4.2, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.6, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 4.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-06-22T22:15:09.210",
      "references": "[{\"url\": \"https://nvidia.custhelp.com/app/answers/detail/a_id/5205\", \"source\": \"psirt@nvidia.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://nvidia.custhelp.com/app/answers/detail/a_id/5205\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@nvidia.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-34393\",\"sourceIdentifier\":\"psirt@nvidia.com\",\"published\":\"2021-06-22T22:15:09.210\",\"lastModified\":\"2024-11-21T06:10:18.307\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.\"},{\"lang\":\"es\",\"value\":\"Trusty contiene una vulnerabilidad en TSEC TA que deserializa los mensajes entrantes incluso aunque el TSEC TA no exponga ning\u00fan comando. Esta vulnerabilidad podr\u00eda permitir a un atacante explotar el deserializador para impactar en la ejecuci\u00f3n de c\u00f3digo, causando divulgaci\u00f3n de informaci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@nvidia.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.6,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"32.5.1\",\"matchCriteriaId\":\"E8941F71-0292-414E-AEA5-DD55EA3C2009\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0E081CB-B6EC-42DC-BA04-BCA13C17D190\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F92D471-8E65-41FC-A5DE-255136F6F989\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E29459F7-997A-4B87-9164-6E3B5158ADC3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86D1FDAD-C594-43D9-9BF6-F7461177AB91\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE9D4A55-A232-4AF2-B7E9-CD58D7D17479\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:jetson_tx2_4gb:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71994F94-5279-4107-99F5-48990AE0C686\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64C3FB58-08AA-4FE4-97BE-21B254BA229F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:jetson_tx2i:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DF55ABB-1B4F-452E-9D84-C01A638F88A0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:developer_kit:*:*:*:*:*\",\"matchCriteriaId\":\"3E54B955-F0E2-44BD-9B8C-3C788BBCF2A9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:production:*:*:*:*:*\",\"matchCriteriaId\":\"3E0C93C3-26F6-48E4-BADA-4DB05A7BA9D1\"}]}]}],\"references\":[{\"url\":\"https://nvidia.custhelp.com/app/answers/detail/a_id/5205\",\"source\":\"psirt@nvidia.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://nvidia.custhelp.com/app/answers/detail/a_id/5205\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.