arbitrary code execution via crafted script in ROS2 navigation2
CVE-2024-41650

9.8CRITICAL

Key Information:

Vendor: Open Robotics
Status: Robot Operating System
Vendor: CVE Published:; 6 December 2024

🔔 Create Open Robotics Vulnerability Alert

What is CVE-2024-41650?

The vulnerability in Open Robotics' Robotic Operating System 2 (ROS2) Navigation2 component arises from insecure permissions, allowing potential attackers to execute arbitrary code via a maliciously crafted script targeting the nav2_costmap_2d. This poses a significant risk as it can lead to unauthorized access and manipulation of the navigation system, which is critical in robotics applications. Users of the affected version are advised to take immediate precautions to mitigate potential exploits.

References

https://github.com/GoesM/ROS-CVE-CNVDs

https://github.com/ros-navigation/navigation2/issues/4489

https://github.com/ros-navigation/navigation2/pull/4495

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 6, 2024