- Description
- An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and gain full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors, specifically an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures.
- Source
- cve-coordination@incibe.es
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 8.2
- Impact score
- 4.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
- Severity
- HIGH
- cve-coordination@incibe.es
- CWE-200
CVE-2023-24011 Full Control Exploit in Secure DDS Databus via PKCS#7 Verification Attackers can create harmful DDS Participants or ROS 2 Nodes using valid certificates. This lets them take complete control of a s... https://t.co/sriVwkDHSV
@VulmonFeeds
9 Jan 2025
CVE-2023-24011 An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS da… https://t.co/YXZNyWYAYu
@CVEnew
9 Jan 2025