Vulnerability Details : CVE-2023-33567
An unauthorized access vulnerability has been discovered in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.
Vulnerability category: Bypass
Products affected by CVE-2023-33567
- cpe:2.3:a:openrobotics:robot_operating_system:2:foxy:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-33567
- 0.04%: Probability of exploitation activity in the next 30 days
- ~15%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-33567
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
References for CVE-2023-33567
- http://www.openwall.com/lists/oss-security/2024/04/23/3
  oss-security - Re: 83 bogus CVEs assigned to Robot Operating System (ROS)
- http://www.openwall.com/lists/oss-security/2024/04/23/5
  oss-security - Re: 83 bogus CVEs assigned to Robot Operating System (ROS)
- http://www.openwall.com/lists/oss-security/2024/04/23/4
  oss-security - Re: 83 bogus CVEs assigned to Robot Operating System (ROS)
- http://www.openwall.com/lists/oss-security/2024/04/23/2
  oss-security - 83 bogus CVEs assigned to Robot Operating System (ROS)
- https://github.com/16yashpatel/CVE-2023-33567
  GitHub - 16yashpatel/CVE-2023-33567: Unauthorized Access Vulnerability in ROS2 Foxy Fitzroy (Third Party Advisory)