CVE-2024-41646

Published: Dec 6, 2024Modified: Dec 13, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller.

Affected (2)

Products: Openrobotics: Robot Operating System

Openrobotics

1 product

Robot Operating System

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openrobotics Robot Operating System	Version 2 humble
Openrobotics Robot Operating System	Version 2 iron

Related CWEs

CWE-281

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (4)

https://github.com/GoesM/ROS-CVE-CNVDs

Source: cve@mitre.org

Third Party Advisory

https://github.com/ros-navigation/navigation2/issues/4437

Source: cve@mitre.org

ExploitIssue Tracking

https://github.com/ros-navigation/navigation2/pull/4463

Source: cve@mitre.org

Third Party Advisory

https://github.com/ros-navigation/navigation2/issues/4437

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitIssue Tracking

Timeline

No history available yet.