CVE-2023-24010
HIGHeProsima DDS - PKCS#7 Permission Verification Bypass
Title source: manualDescription
An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures.
References (2)
Core 2
Core References
Issue Tracking
https://github.com/ros2/sros2/issues/282
Scores
CVSS v3
8.2
EPSS
0.0033
EPSS Percentile
24.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (1)
eProsima/DDS
all versions
Published
Jan 09, 2025
Tracked Since
Feb 18, 2026