CVE-2024-41648

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 6, 2024
Updated: Dec 13, 2024
CWE ID 281

Summary

CVE-2024-41648 is a new vulnerability affecting Open Robotics Robotic Operating System 2 (ROS2) and specifically the navigation2 v.humble package. This issue involves insecure permissions that enable an attacker to execute arbitrary code by crafting a malicious script for the nav2_regulated_pure_pursuit_controller component. Unauthorized access and potential system compromise may result from successful exploitation of this vulnerability. Users of ROS2 are advised to apply the forthcoming patch as soon as it becomes available to mitigate the risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Openrobotics Robot Operating System

Affected Vendors

  • Open Robotics