RTI Connext DDS Professional and Connext DDS Secure Network Amplification
CVE-2021-38487

8.8HIGH

Key Information:

Vendor: Rti
Status: Connext Professional; Connext Micro
Vendor: CVE Published:; 5 May 2022

What is CVE-2021-38487?

RTI Connext Professional versions 4.1 to 6.1.0, and Connext Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure.

Affected Version(s)

Connext Micro 4.0.0 < 4.0.*

Connext Micro 3.0.0 < 3.0.*

Connext Micro 2.4.0 < 2.4.*

References

https://www.rti.com/vulnerabilities/#cve-2021-38487

https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02

https://support.rti.com/s/login/?ec=302&startURL=%2Fs%2F

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 5, 2022
Vulnerability Reserved
Aug 10, 2021

Credit

Federico Maggi (Trend Micro Research), Ta-Lun Yen, and Chizuru Toyama (TXOne Networks, Trend Micro) reported these vulnerabilities to CISA. In addition, Patrick Kuo, Mars Cheng (TXOne Networks, Trend Micro), Víctor Mayoral-Vilches (Alias Robotics), and Erik Boasson (ADLINK Technology) also contributed to this research.

Rti

What is CVE-2021-38487?

Affected Version(s)

References

CVSS V4

Timeline

Credit