CVE-2024-41648
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Dec 6, 2024
Updated: Dec 13, 2024
CWE ID 281
Summary
CVE-2024-41648 is a new vulnerability affecting Open Robotics Robotic Operating System 2 (ROS2) and specifically the navigation2 v.humble package. This issue involves insecure permissions that enable an attacker to execute arbitrary code by crafting a malicious script for the nav2_regulated_pure_pursuit_controller component. Unauthorized access and potential system compromise may result from successful exploitation of this vulnerability. Users of ROS2 are advised to apply the forthcoming patch as soon as it becomes available to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Openrobotics Robot Operating System
Affected Vendors
- Open Robotics