Vulnerability Details : CVE-2019-15137
The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings (instead of the permission expressions themselves), which can lead to unintended connections between participants in a Data Distribution Service (DDS) network.
Products affected by CVE-2019-15137
- cpe:2.3:a:eprosima:fast-rtps:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-15137
- EPSS score: 0.07% (probability of exploitation activity in the next 30 days)
- Percentile: ~29% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-15137
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 | NIST | |
References for CVE-2019-15137
- https://github.com/eProsima/Fast-RTPS/issues/441
  Misuse of fnmatch used by DDS Security Access Control [5677] · Issue #441 · eProsima/Fast-RTPS · GitHub (Patch; Third Party Advisory)
- https://arxiv.org/abs/1908.05310
  [1908.05310] Network Reconnaissance and Vulnerability Excavation of Secure DDS Systems (Third Party Advisory)