Code Injection in Omniverse Nucleus and Omniverse Cache - CVE-2022-28198

 

Code Injection in Omniverse Nucleus and Omniverse Cache - CVE-2022-28198

Published: May 2, 2022


Vulnerability identifier: #VU62712
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-28198
CWE-ID: CWE-94
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: nVidia
Affected software:
Omniverse Nucleus
Omniverse Cache

Detailed vulnerability description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the configuration of OpenSSL. An attacker with physical access can execute arbitrary code on the target system.


How to mitigate CVE-2022-28198

Install updates from vendor's website.

Sources