CVE-2023-24011 – This vulnerability allows attackers with valid ... (How to Fix)

Q: What is the severity of CVE-2023-24011?

CVE-2023-24011 has a CVSS score of 8.2 (HIGH). This vulnerability allows attackers with valid certificates to create malicious DDS Participants or ROS 2 Nodes that can compromise and gain full control of secure DDS databus systems. It affects systems using non-compliant implementations of permission document verification in DDS vendors' software, specifically those improperly using OpenSSL's PKCS7_verify function for S/MIME signature validation.

📋 TL;DR

This vulnerability allows attackers with valid certificates to create malicious DDS Participants or ROS 2 Nodes that can compromise and gain full control of secure DDS databus systems. It affects systems using non-compliant implementations of permission document verification in DDS vendors' software, specifically those improperly using OpenSSL's PKCS7_verify function for S/MIME signature validation.

💻 Affected Systems

Products:

ROS 2 sros2
DDS implementations with non-compliant permission document verification

Versions: ROS 2 sros2 versions prior to fixes

Operating Systems: Linux, Windows, macOS (any OS running affected DDS implementations)

Default Config Vulnerable: ⚠️ Yes

Notes: Systems using DDS with PKCS#7 certificate validation and S/MIME signatures are vulnerable if the implementation doesn't properly validate permission documents.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the DDS databus system, allowing attackers to intercept, modify, or inject data, potentially leading to system takeover or data exfiltration.

🟠

Likely Case

Unauthorized access to the DDS databus, enabling data manipulation, eavesdropping, or denial of service against legitimate participants.

🟢

If Mitigated

Limited impact with proper certificate validation and network segmentation, though some risk remains if certificates are compromised.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires valid certificates but improper validation allows crafted malicious participants to bypass security controls.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor-specific updates for ROS 2 sros2 and DDS implementations

Vendor Advisory: https://github.com/ros2/sros2/issues/282

Restart Required: No

Instructions:

1. Update ROS 2 sros2 to the latest version. 2. Apply patches from DDS vendors addressing PKCS7_verify implementation. 3. Verify permission document validation complies with DDS security specifications.

🔧 Temporary Workarounds

Strict Certificate Validation

all

Implement additional validation checks for certificates and permission documents beyond PKCS7_verify.

🧯 If You Can't Patch

Implement network segmentation to isolate DDS databus from untrusted networks.
Use application-level encryption for sensitive data transmitted over DDS.

🔍 How to Verify

Check if Vulnerable:

Check if your DDS implementation uses OpenSSL's PKCS7_verify for S/MIME signature validation without proper permission document checks.

Check Version:

ros2 version (for ROS 2 systems) or vendor-specific version commands for DDS implementations.

Verify Fix Applied:

Verify that permission documents are validated according to DDS security specifications and test with crafted certificates.

📡 Detection & Monitoring

Log Indicators:

Unauthorized DDS participant connections
Certificate validation failures
Permission document verification errors

Network Indicators:

Unusual DDS traffic patterns
Connections from unexpected IPs to DDS ports

SIEM Query:

source="dds_logs" AND (event_type="participant_join" AND certificate_validation="failed")

📊 Metadata

CVE ID: CVE-2023-24011

CVSS v3 Score: 8.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

CWE: CWE-200

EPSS Score: 0.13% exploit probability (33.3th percentile)

Published: January 9, 2025

Last Updated: January 9, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-24011, you might also want to check these: