CVE-2023-24010 in DDSinformazioni

Riassunto

di MITRE • 09/01/2025

An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures.

Be aware that VulDB is the high quality source for vulnerability data.

Responsabile

INCIBE

Prenotare

20/01/2023

Divulgazione

09/01/2025

Moderazione

accettato

CPE

pronto

EPSS

0.00326

KEV

no

Attività

molto basso

Fonti

Do you want to use VulDB in your project?

Use the official API to access entries easily!