CVE-2023-50257
📋 TL;DR
This vulnerability in eProsima Fast DDS allows attackers to forcibly disconnect subscribers and prevent new connections by sending unencrypted disconnect packets. It affects systems using Fast DDS with SROS2 security enabled, enabling denial-of-service attacks against DDS communications. The vulnerability has been present since 2016 in multiple versions.
💻 Affected Systems
- eProsima Fast DDS
- Fast RTPS
📦 What is this software?
Fast DDS by eProsima
⚠️ Risk & Real-World Impact
Worst Case
Complete disruption of all DDS communications in a system, causing critical services to fail due to inability to exchange data between publishers and subscribers.
Likely Case
Targeted denial-of-service attacks against specific DDS topics or participants, disrupting real-time data flows in robotics, industrial control, or autonomous systems.
If Mitigated
Limited impact if network segmentation prevents attackers from reaching the multicast address or if intrusion detection systems block malicious packets.
🎯 Exploit Status
Exploitation requires network access to the multicast address 239.255.0.1:7400 and knowledge of publisher GUIDs.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.13.0, 2.12.2, 2.11.3, 2.10.3, or 2.6.7
Vendor Advisory: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-v5r6-8mvh-cp98
Restart Required: Yes
Instructions:
1. Identify your Fast DDS version.
2. Upgrade to a patched version using your package manager or by building from source.
3. Restart all Fast DDS applications.
🔧 Temporary Workarounds
Network Segmentation
Linux: block access to the multicast address 239.255.0.1:7400 from untrusted networks.
iptables -A INPUT -d 239.255.0.1 -j DROP
iptables -A INPUT -p udp --dport 7400 -j DROP
As written, these rules drop all traffic to the multicast address and to UDP port 7400, including traffic from legitimate participants; scope them to untrusted sources or interfaces (for example with -s or -i) so that trusted DDS peers can still discover each other.
Disable SROS2 Security
All platforms: temporarily disable SROS2 security if it is not required, bearing in mind that this reduces overall security.
Set ROS_SECURITY_ENABLE=false in environment or configuration
🧯 If You Can't Patch
- Implement strict network access controls to prevent unauthorized access to port 7400 and multicast traffic.
- Deploy network intrusion detection systems to monitor for malicious disconnect packets targeting the DDS multicast address.
🔍 How to Verify
Check if Vulnerable:
Check the installed Fast DDS version and determine whether it is below the patched release for its branch. Review whether SROS2 security is enabled in the configuration.
Check Version:
Run fastdds --version, or query the package manager (apt list --installed | grep fastdds).
Verify Fix Applied:
Verify that the installed Fast DDS version is at or above the patched release for its branch (2.13.0, 2.12.2, 2.11.3, 2.10.3, or 2.6.7). Test that DDS connectivity remains stable during simulated attack conditions.
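The per-branch version comparison described above, as an added example that is not part of the advisory or of the Fast DDS project: it maps a version string to its release branch and checks it against that branch's patched release. The handling of branches with no listed fix (2.7 through 2.9 treated as unpatched, anything newer than 2.13 treated as fixed) is an assumption, not something the advisory states.

```python
"""Added example (not from the advisory or the Fast DDS project): decide whether an
installed Fast DDS version carries the fix for CVE-2023-50257."""
import re
from typing import Dict, Iterable, Tuple

# Patched releases listed in the advisory, keyed by release branch (major, minor).
PATCHED_BY_BRANCH: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (2, 13): (2, 13, 0),
    (2, 12): (2, 12, 2),
    (2, 11): (2, 11, 3),
    (2, 10): (2, 10, 3),
    (2, 6): (2, 6, 7),
}
NEWEST_FIXED_BRANCH = max(PATCHED_BY_BRANCH)  # (2, 13)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract major.minor.patch from strings such as '2.12.1' or 'v2.6.7-1ubuntu1'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return major, minor, patch


def is_patched(version: str) -> bool:
    """True if `version` is at or above the fix for its own release branch.

    Assumption (not stated in the advisory): a branch with no listed fix, e.g.
    2.7.x through 2.9.x, is treated as unpatched; a branch newer than 2.13 is
    treated as carrying the fix forward.
    """
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in PATCHED_BY_BRANCH:
        return (major, minor, patch) >= PATCHED_BY_BRANCH[branch]
    return branch > NEWEST_FIXED_BRANCH


def triage(versions: Iterable[str]) -> Dict[str, str]:
    """Map each installed version string to 'patched' or 'VULNERABLE'."""
    return {v: ("patched" if is_patched(v) else "VULNERABLE") for v in versions}


if __name__ == "__main__":
    # Constructed sample inputs, in the form a package manager might report them.
    for v, status in triage(["2.12.1", "2.6.7-1ubuntu1", "2.9.1", "2.14.0"]).items():
        print(f"{v:16} {status}")
```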
📡 Detection & Monitoring
Log Indicators:
- Unexpected subscriber disconnections
- Failed connection attempts despite valid credentials
- Security manager handshake failures
Network Indicators:
- Unusual UDP traffic to 239.255.0.1:7400
- Disconnect packets (p[UD]) from unexpected sources
- Spike in RTPS protocol error messages
SIEM Query:
source_ip!=trusted_network AND dest_ip=239.255.0.1 AND dest_port=7400 AND protocol=UDP
🔗 References
- https://github.com/eProsima/Fast-DDS/commit/072cbc9d6a71d869a5cbed1873c0cdd6cf67cda4
- https://github.com/eProsima/Fast-DDS/commit/e1869863c06db7fbb366ae53760fbe6e754be026
- https://github.com/eProsima/Fast-DDS/commit/f07a0213e655202188840b864be4438ae1067a13
- https://github.com/eProsima/Fast-DDS/commit/f2e5ceae8fbea0a6c9445a366faaca0b98a8ef86
- https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-v5r6-8mvh-cp98