Security researchers recently uncovered a critical vulnerability in the NVIDIA Omniverse Launcher that could allow attackers to exploit CORS vulnerability on the affected versions of the NVIDIA Omniverse Launcher application, leading to privilege escalation and remote access code execution on NVIDIA Omniverse Launcher. The flaw tracked as CVE‑2022‑21817 has a base score of 9.3 in CVSS v3.1. We have created this post to make all NVIDIA Omniverse Launcher users aware of the flaw. In this post, let’s see how to Fix CVE‑2022‑21817- A CORS vulnerability in NVIDIA Omniverse Launcher.
Table of Contents
What Is NVIDIA Omniverse Launcher?
Omniverse Launcher is an open platform created by NVIDIA for those artistic companies who develop creative virtual assets. This innovative platform is used majorly to build virtual collaboration on creative assets delivered with real-time, physically accurate simulation. It gives opportunities to create the entire VR ecosystem.
Summary Of CVE‑2022‑21817
Cross-Origin Resource Sharing (CORS) vulnerability in NVIDIA Omniverse Launcher allows an unprivileged remote attacker to acquire access tokens allowing them to access resources in other security domains, which may lead to code execution, escalation of privileges, and impact to confidentiality and integrity.
| Associated CVE ID | CVE‑2022‑21817 |
| Description | A CORS vulnerability in NVIDIA Omniverse Launcher App |
| Associated ZDI ID | – |
| CVSS Score | 9.3 Critical |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N |
| Impact Score | 5.8 |
| Exploitability Score | 2.8 |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privilege Required (PR) | None |
| User Interaction (UI) | Required |
| Scope | Changed |
| Confidentiality (C) | High |
| Integrity (I) | High |
| availability (a) | High |
How To Fix CVE‑2022‑21817- A CORS Vulnerability In NVIDIA Omniverse Launcher App?
All the versions prior to 1.5.2 are affected by CVE‑2022‑21817 vulnerability. The flaw has been fixed in v1.5.2 and made available for download. We recommend upgrading to the latest available version.
For any queries, please contact NVIDIA Support.
We hope this post will help you know about How to Fix CVE‑2022‑21817- A CORS vulnerability in NVIDIA Omniverse Launcher App. Thanks for reading this threat post. Please share this post and help to secure the digital world. Visit our social media page in Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/270150.html