NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.
The vulnerability is classified as CWE-250 (Execution with Unnecessary Privileges), which means that the software component executes code or processes with a privilege level higher than required to perform the given function. An attacker can exploit this to execute their own code in the context of elevated privileges. The CVSS vector indicates the possibility of a network-based attack without the need to possess an account or any action on the victim's part.
Successful exploitation of this vulnerability may lead to remote code execution (RCE), privilege escalation, denial of service (DoS), disclosure of sensitive information, and data manipulation.
Apply patches available from the vendor according to references — see NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5749
NVIDIA Isaac Launchable — specific versions indicated in vendor references (https://nvidia.custhelp.com/app/answers/detail/a_id/5749)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNvidia Isaac Launchable
APPNvidia1.0
Related vulnerabilities
NVIDIA Isaac Launchable — podatność hard-coded credentials (RCE, DoS)
NVIDIA Isaac Launchable — wykonanie kodu z nadmiernymi uprawnieniami
NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear...
Authentication Bypass w NVIDIA Triton Inference Server umożliwiający RCE
NVIDIA NVFlare – authorization bypass przez klucz kontrolowany przez użytkownika