- Description
- An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures.
- Source
- cve-coordination@incibe.es
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 8.2
- Impact score
- 4.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
- Severity
- HIGH
- cve-coordination@incibe.es
- CWE-200
- Hype score
- Not currently trending
CVE-2023-24012 Arbitrary Code Execution via Improper Certificate Validation in DDS Systems An attacker can create harmful DDS Participants or ROS 2 Nodes with valid certificates to take over a secure DDS databus ... https://t.co/W6Rq8eAufZ
@VulmonFeeds
9 Jan 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-24012 An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS da… https://t.co/sUAlz70cT5
@CVEnew
9 Jan 2025
244 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes