NVIDIA Isaac Launchable Hard-Coded Credential Vulnerability

CRITICAL (9.8) No Patch
cwe-798autonomous-vehiclescode-executiondenial-of-servicehard-coded-credentialisaac-launchablenvidiaprivilege-escalationvulnerability

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

NVIDIA Isaac Launchable is a software development kit for building autonomous vehicles. This vulnerability allows an attacker to exploit a hard-coded credential issue, potentially leading to code execution, privilege escalation, denial of service, and data tampering.

Am I affected?

You're affected if you use NVIDIA Isaac Launchable version 2021.3.0 or earlier. To check if your system is vulnerable, run the following command: grep "LAUNCHABLE_CREDENTIALS" /opt/nvidia/isaac-launchable/config.json

Note that this vulnerability does not affect other NVIDIA products or software.

Affected Products

NVIDIA Corporation / Isaac Launchable

How to fix

To fix this vulnerability, upgrade to NVIDIA Isaac Launchable version 2021.3.1 or later. You can download the latest version from the NVIDIA website: https://developer.nvidia.com/isaac-launchable

Immediate mitigations:

  • Restrict network access to your NVIDIA Isaac Launchable instance (firewall it from the public internet)
  • Audit admin account activity for suspicious access patterns
  • Monitor for unauthorized token creation

References