RTI Connext DDS Professional and Connext DDS Secure Network Amplification
CVE-2021-38487

7.5HIGH

Key Information:

Vendor: Rti
Status: Connext Dds Professional; Connext Dds Secure; Connext Dds Micro
Vendor: CVE Published:; 5 May 2022

What is CVE-2021-38487?

RTI Connext DDS Professional, Connext DDS Secure versions 4.2x to 6.1.0, and Connext DDS Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure.

Affected Version(s)

Connext DDS Micro 2.4

Connext DDS Professional 4.2x <= 6.1.0

Connext DDS Secure 4.2x <= 6.1.0

References

https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02

https://support.rti.com/s/login/?ec=302&startURL=%2Fs%2F

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 5, 2022
Vulnerability Reserved
Aug 10, 2021

Credit

Federico Maggi (Trend Micro Research), Ta-Lun Yen, and Chizuru Toyama (TXOne Networks, Trend Micro) reported these vulnerabilities to CISA. In addition, Patrick Kuo, Mars Cheng (TXOne Networks, Trend Micro), Víctor Mayoral-Vilches (Alias Robotics), and Erik Boasson (ADLINK Technology) also contributed to this research.

Rti

What is CVE-2021-38487?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit