CVE-2022-42268
CVE-2022-42268
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.8EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
12 ene 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications allow executable Python code to be embedded in Universal Scene Description (USD) files to customize all aspects of a scene. If a user opens a USD file that contains embedded Python code in one of these applications, the embedded Python code automatically runs with the privileges of the user who opened the file. As a result, an unprivileged remote attacker could craft a USD file containing malicious Python code and persuade a local user to open the file, which may lead to information disclosure, data tampering, and denial of service.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Productos afectados
NVIDIA · NVIDIA Isaac SimNVIDIA · Omniverse Audio2FaceNVIDIA · Omniverse CodeNVIDIA · Omniverse CreateNVIDIA · Omniverse MachinimaNVIDIA · Omniverse View¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →