CVE-2019-5672

9.1 CRITICAL

📋 TL;DR

This vulnerability affects NVIDIA Jetson TX1 and TX2 devices running Linux for Tegra (L4T) where default SSH host keys are not replaced with unique keys after system deployment. This allows attackers to perform man-in-the-middle attacks and potentially decrypt SSH traffic. All users of Jetson TX1/TX2 with L4T versions prior to R28.3 are affected.

💻 Affected Systems

Products:
  • NVIDIA Jetson TX1
  • NVIDIA Jetson TX2
Versions: All versions prior to R28.3
Operating Systems: Linux for Tegra (L4T)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using the sample rootfs that haven't regenerated SSH host keys after deployment.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers can perform persistent man-in-the-middle attacks, decrypt SSH sessions, intercept sensitive data, and potentially gain unauthorized access to affected devices.

🟠 Likely Case

Attackers on the same network can intercept SSH traffic to/from vulnerable devices, potentially capturing credentials and sensitive data.

🟢 If Mitigated

With proper network segmentation and monitoring, impact is limited to internal network compromise of affected devices.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires network access to intercept SSH traffic. Attackers need to be positioned to perform man-in-the-middle attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: R28.3 and later

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/4787

Restart Required: Yes

Instructions:

1. Update L4T to version R28.3 or later.
2. Regenerate SSH host keys using 'ssh-keygen -A'.
3. Restart SSH service.
4. Update known_hosts files on all client systems.

🔧 Temporary Workarounds

Manual SSH Key Regeneration

linux

Regenerate SSH host keys manually without upgrading L4T

sudo rm /etc/ssh/ssh_host_*
sudo ssh-keygen -A
sudo systemctl restart ssh

🧯 If You Can't Patch

  • Isolate affected devices in separate network segments with strict access controls
  • Disable SSH access entirely and use alternative management methods

🔍 How to Verify

Check if Vulnerable:

Check whether the SSH host keys match the known default keys: compare fingerprints with other devices, or check the key creation dates.

Check Version:

cat /etc/nv_tegra_release

Verify Fix Applied:

Verify SSH host keys are unique by checking fingerprints and ensuring they were generated after system deployment

📡 Detection & Monitoring

Log Indicators:

  • Multiple SSH connection failures from different IPs
  • SSH host key mismatch warnings in client logs
  • Unusual SSH traffic patterns

Network Indicators:

  • SSH traffic to/from Jetson devices with unusual patterns
  • Multiple SSH sessions with same host key fingerprint

SIEM Query:

source="ssh.log" AND ("Host key verification failed" OR "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED") AND host="jetson*"
