- Description
- An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and gain full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors, specifically an improper use of the OpenSSL PKCS7_verify function, which is used to validate S/MIME signatures.
- Source
- cve-coordination@incibe.es
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 8.2
- Impact score
- 4.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
- Severity
- HIGH
- cve-coordination@incibe.es
- CWE-200
- Hype score
- Not currently trending
CVE-2023-24010 Full Control via PKCS#7 Validation Flaw in DDS Systems Some DDS systems have a flaw. Attackers can create malicious DDS Participants or ROS 2 Nodes. These have valid certificates. They can take ful... https://t.co/nnQ95cL3Xc
@VulmonFeeds
9 Jan 2025
CVE-2023-24010 An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS da… https://t.co/WbujQPKhOT
@CVEnew
9 Jan 2025