CVE-2022-21817 – This CVE describes a Cross-Origin Resource Shar... (How to Fix)

Q: What is the severity of CVE-2022-21817?

CVE-2022-21817 has a CVSS score of 9.3 (CRITICAL). This CVE describes a Cross-Origin Resource Sharing (CORS) vulnerability in NVIDIA Omniverse Launcher that allows an unprivileged remote attacker to steal access tokens by tricking a user into visiting a malicious website. If exploited, it can lead to unauthorized access to resources across security domains, potentially resulting in code execution, privilege escalation, and breaches of confidentiality and integrity. Users of vulnerable NVIDIA Omniverse Launcher versions are affected.

📋 TL;DR

This CVE describes a Cross-Origin Resource Sharing (CORS) vulnerability in NVIDIA Omniverse Launcher that allows an unprivileged remote attacker to steal access tokens by tricking a user into visiting a malicious website. If exploited, it can lead to unauthorized access to resources across security domains, potentially resulting in code execution, privilege escalation, and breaches of confidentiality and integrity. Users of vulnerable NVIDIA Omniverse Launcher versions are affected.

💻 Affected Systems

Products:

NVIDIA Omniverse Launcher

Versions: Versions prior to the patch; specific range not detailed in provided references.

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability is present in default configurations of the launcher; users must update to a patched version to mitigate.

📦 What is this software?

Omniverse Launcher by Nvidia

View all CVEs affecting Omniverse Launcher →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker gains full control over the affected system, executes arbitrary code, escalates privileges to administrator level, and compromises sensitive data across security domains.

🟠

Likely Case

An attacker steals access tokens to access restricted resources, leading to data theft, unauthorized actions, and potential lateral movement within the network.

🟢

If Mitigated

With proper controls like patching and network segmentation, impact is limited to isolated incidents with minimal data exposure and no privilege escalation.

🌐 Internet-Facing: HIGH, as exploitation requires only a user browsing a malicious site, making internet-facing systems highly susceptible to remote attacks.

🏢 Internal Only: MEDIUM, as internal users could still be tricked into visiting malicious sites, but network controls may reduce exposure compared to external threats.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires user interaction (browsing a malicious site) but is straightforward once initiated, leveraging CORS misconfigurations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Specific version not listed; refer to NVIDIA advisory for latest patched release.

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5318

Restart Required: Yes

Instructions:

1. Visit the NVIDIA advisory URL. 2. Download and install the latest version of NVIDIA Omniverse Launcher. 3. Restart the system to apply changes.

🔧 Temporary Workarounds

Disable or Restrict Launcher Usage

all

Temporarily disable the NVIDIA Omniverse Launcher or restrict user access to prevent exploitation until patching is possible.

🧯 If You Can't Patch

Implement network segmentation to isolate affected systems and limit access to critical resources.
Educate users to avoid browsing untrusted websites and enable browser security features like strict CORS policies.

🔍 How to Verify

Check if Vulnerable:

Check the installed version of NVIDIA Omniverse Launcher against the patched version listed in the NVIDIA advisory.

Check Version:

On Windows: Check via 'Programs and Features' in Control Panel. On Linux: Use package manager commands like 'dpkg -l' or 'rpm -qa' for NVIDIA Omniverse.

Verify Fix Applied:

Confirm that the launcher version matches or exceeds the patched version from the advisory and test for CORS vulnerabilities using security tools.

📡 Detection & Monitoring

Log Indicators:

Unusual access token requests or CORS-related errors in application logs
Failed authentication attempts from unexpected origins

Network Indicators:

Suspicious HTTP requests with CORS headers to NVIDIA Omniverse endpoints
Traffic from known malicious IPs to launcher services

SIEM Query:

Example: 'source="nvidia_omniverse" AND (event="CORS_violation" OR status="401")'

📊 Metadata

CVE ID: CVE-2022-21817

CVSS v3 Score: 9.3 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Published: February 2, 2022

Last Updated: November 21, 2024

🔗 References

https://nvidia.custhelp.com/app/answers/detail/a_id/5318 Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5318 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON