NVIDIA Isaac Launchable Privilege Escalation

CRITICAL (9.8) No Patch
cwe-250code-executiondata-tamperingdenial-of-serviceinformation-disclosureisaac-launchablenvidiaprivilege-escalation

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

NVIDIA Isaac Launchable is a software development kit for building autonomous vehicles. It allows developers to create and test AI models in a simulated environment. The vulnerability discovered in NVIDIA Isaac Launchable enables an attacker to execute code with unnecessary privileges, potentially leading to code execution, privilege escalation, denial of service, information disclosure, and data tampering.

Am I affected?

You're affected if you use NVIDIA Isaac Launchable versions 1.10.0-rc2 or earlier. To check if your version is affected, run the following command:

nvidia-isaac-launchable --version

Note that this vulnerability does not affect other NVIDIA products.

Affected Products

NVIDIA / Isaac Launchable

How to fix

To fix this vulnerability, upgrade to NVIDIA Isaac Launchable version 1.10.0-rc2 or later. You can download the latest version from the NVIDIA website.

Immediate mitigations:

  • Restrict network access to your NVIDIA Isaac Launchable instance (firewall it from the public internet)
  • Audit admin account activity for suspicious access patterns
  • Monitor for unauthorized token creation

References