CVE-2022-28198

NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability.

CVSS v3 6.6 MEDIUM
CVSS v2.0 4.6 MEDIUM

6.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.7 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5342	Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5342	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:nvidia:omniverse_cache:2021.3.0:::::::*
	cpe:2.3:a:nvidia:omniverse_nucleus:2021.3.2:::::::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:56

Type	Values Removed	Values Added
CVSS	v2 : ~~4.6~~ v3 : ~~6.8~~	v2 : 4.6 v3 : 6.6
References	~~() https://nvidia.custhelp.com/app/answers/detail/a_id/5342 - Vendor Advisory~~	() https://nvidia.custhelp.com/app/answers/detail/a_id/5342 - Vendor Advisory

11 May 2022, 13:52

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~6.6~~	v2 : 4.6 v3 : 6.8
CPE		cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:nvidia:omniverse_nucleus:2021.3.2:::::::* cpe:2.3:a:nvidia:omniverse_cache:2021.3.0:::::::*
References	~~(MISC) https://nvidia.custhelp.com/app/answers/detail/a_id/5342 -~~	(MISC) https://nvidia.custhelp.com/app/answers/detail/a_id/5342 - Vendor Advisory

29 Apr 2022, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-04-29 21:15

Updated : 2024-11-21 06:56

NVD link : CVE-2022-28198

Mitre link : CVE-2022-28198

CVE.ORG link : CVE-2022-28198

JSON object : View

Products Affected

microsoft

windows

nvidia

omniverse_cache
omniverse_nucleus

CWE

CWE-706

Use of Incorrectly-Resolved Name or Reference

NVD-CWE-noinfo

{"id": "CVE-2022-28198", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2022-04-29T21:15:07.697", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5342", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5342", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@nvidia.com", "description": [{"lang": "en", "value": "CWE-706"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability."}, {"lang": "es", "value": "NVIDIA Omniverse Nucleus y Cache contienen una vulnerabilidad en su configuraci\u00f3n de OpenSSL, donde un atacante con acceso f\u00edsico al sistema puede causar la ejecuci\u00f3n de c\u00f3digo arbitrario que puede impactar en la confidencialidad, integridad y disponibilidad"}], "lastModified": "2024-11-21T06:56:56.180", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:omniverse_cache:2021.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B8C314B-7E3A-4A5D-BA8E-71C4AECA2C14"}, {"criteria": "cpe:2.3:a:nvidia:omniverse_nucleus:2021.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4227D017-6C6C-4991-A7C7-78F17826C37B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}