CVE-2023-24012

EIP tracks 1 public exploit for CVE-2023-24012. PoCs published by SafeLock-D2E.

AI-analyzed exploit summary This repository contains a functional PoC for CVE-2023-24012, demonstrating a permission bypass vulnerability in ROS 2 SROS2 security framework. The exploit modifies locally signed permission files to allow unauthorized topic subscriptions.

An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures.