CVE-2024-30697
Information Leakage in ROS2 Galactic Geochelone via Plaintext Message Transmission
Information Leakage and Unauthorized Access to Sensitive Data
TBD
The Open Source Robotics Foundation (OSRF)
ROS2 Galactic Geochelone (ROS_VERSION=2 and ROS_PYTHON_VERSION=3)
A critical vulnerability has been discovered in ROS2 Galactic Geochelone, where the system transmits messages in plaintext. This flaw exposes sensitive information, making it vulnerable to man-in-the-middle (MitM) attacks, and allowing attackers to easily intercept and access this data.
Information Leakage; Data Integrity Concerns; Loss of Trust; Operational Disruption; Broader Network Compromise.
The vulnerability can be exploited through network sniffing, man-in-the-middle attacks, and unauthorized network access.
To address this vulnerability, it is essential to implement secure communication protocols that encrypt data during transmission. Users should update to a version of ROS2 that provides these security measures or apply available patches that rectify this issue.
In the absence of an immediate solution, users should employ network security measures such as VPNs, monitor network traffic for unusual patterns indicative of eavesdropping, and ensure sensitive data is encrypted at the application level.
Confirmed and published.
Yash Patel and Dr. Parag Rughani
N/A