Vulnerability in DDS Secure Databus Systems Affecting Multiple Vendors
CVE-2023-24010

8.2HIGH

Key Information:

Vendor: Eprosima
Status: Dds
Vendor: CVE Published:; 9 January 2025

What is CVE-2023-24010?

An attacker can exploit security weaknesses present in the DDS (Data Distribution Service) configuration to gain unauthorized control over secure databus systems. This vulnerability stems from a flawed implementation of the permission document verification process, specifically involving the OpenSSL PKCS7_verify function. By successfully crafting malicious DDS participants or ROS 2 nodes with valid certificates, an attacker can manipulate the system, presenting a significant risk to data integrity and system functionality. This issue affects various DDS vendors who have not adequately secured their implementation against such configuration vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DDS all versions

References

https://github.com/ros2/sros2/issues/282

https://gist.github.com/vmayoral/235c02d0b0ef85a29812eff6...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 9, 2025
Vulnerability Reserved
Jan 20, 2023

Credit

amrc-benmorrow

Gianluca Caizza

Ruffin White

Victor Mayoral Vilches

Mikael Arguedas

JSON

Eprosima

What is CVE-2023-24010?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.