NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.
An attacker can exploit hard-coded credentials embedded in the application (CWE-798), which are identical for every product installation and cannot be changed by the user in a standard way. Since the attack vector is network-based, attack complexity is low, and no privileges or victim interaction are required, an attacker can remotely authenticate to the system using known credentials. Once access is obtained, further offensive actions are possible.
Successful exploitation of this vulnerability may lead to remote code execution (RCE), privilege escalation, denial of service (DoS), and manipulation of stored data. Complete compromise of system confidentiality, integrity, and availability.
Apply patches available from the vendor according to the references — detailed information about the patched version is available in the NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5749. Additionally, it is recommended to restrict network access to the system running NVIDIA Isaac Launchable (firewall, network segmentation) until the patch is deployed.
NVIDIA Isaac Launchable — versions specified in the vendor's references (detailed versions provided in the NVIDIA bulletin: https://nvidia.custhelp.com/app/answers/detail/a_id/5749)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNvidia Isaac Launchable
APPNvidia1.0
Related vulnerabilities
NVIDIA Isaac Launchable — wykonanie kodu z nadmiernymi uprawnieniami
NVIDIA Isaac Launchable — wykonanie kodu z nadmiernymi uprawnieniami
NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear...
Authentication Bypass w NVIDIA Triton Inference Server umożliwiający RCE
NVIDIA NVFlare – authorization bypass przez klucz kontrolowany przez użytkownika