NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.
The vulnerability classified as CWE-250 (Execution with Unnecessary Privileges) consists of the software component running processes or performing operations with a broader scope of privileges than necessary. A remote, unauthenticated attacker (network vector, no required user interaction and privileges) can exploit this mechanism to take control of the vulnerable component. The lack of necessity for user interaction or prior access significantly lowers the threshold for the attacker.
An attacker can cause arbitrary code execution (RCE), privilege escalation in the system, denial of service (DoS), disclosure of confidential information, and unauthorized data modification.
Security patches available from the manufacturer should be applied according to the references — detailed information about versions containing the fix is available in the NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5749
NVIDIA Isaac Launchable — specific versions indicated in the manufacturer's references (NVIDIA bulletin: https://nvidia.custhelp.com/app/answers/detail/a_id/5749)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNvidia Isaac Launchable
APPNvidia1.0
Related vulnerabilities
NVIDIA Isaac Launchable — podatność hard-coded credentials (RCE, DoS)
NVIDIA Isaac Launchable — wykonanie kodu z nadmiernymi uprawnieniami
NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear...
Authentication Bypass w NVIDIA Triton Inference Server umożliwiający RCE
NVIDIA NVFlare – authorization bypass przez klucz kontrolowany przez użytkownika