Code Injection in Omniverse Nucleus and Omniverse Cache - CVE-2022-28198
Published: May 2, 2022
Vulnerability identifier: #VU62712
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-28198
CWE-ID: CWE-94
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: nVidia
Affected software:
Omniverse Nucleus
Omniverse Cache
Omniverse Nucleus
Omniverse Cache
Detailed vulnerability description
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the configuration of OpenSSL. An attacker with physical access can execute arbitrary code on the target system.
How to mitigate CVE-2022-28198
Install updates from vendor's website.