CVE-2024-29440
Unauthorized Access Vulnerability in ROS2 Humble Hawksbill
Unauthorized Access
TBD
The Open Source Robotics Foundation (OSRF)
ROS2 Humble Hawksbill (ROS_VERSION=2 and ROS_PYTHON_VERSION=3)
An unauthorized access vulnerability has been discovered in ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information.
Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to multiple ROS2 nodes, leading to a compromise of system integrity and potential loss of confidentiality and control over robotic operations. Depending on the nature and functionality of the affected system, this could have severe implications.
This vulnerability can be exploited remotely. The specifics of the attack vector are currently undisclosed.
Users are advised to update to the latest version as soon as it becomes available and monitor advisories from the ROS2 development team. In the interim, users should consider implementing strict access controls and use strong, unique credentials to help mitigate potential unauthorized access.
There is currently no known workaround for this vulnerability. The primary mitigation is to update to a patched version as soon as it is available.
Confirmed and published.
Yash Patel and Dr. Parag Rughani