CVE-2023-51200

Security Misconfiguration in ROS2 Foxy Fitzroy

Security Misconfiguration

Critical (Base Score: 9.8)

The Open Source Robotics Foundation (OSRF)

ROS2 Foxy Fitzroy (ROS_VERSION=2 and ROS_PYTHON_VERSION=3)

A significant security misconfiguration issue was identified in the default configurations of ROS2 Foxy Fitzroy. This vulnerability allows unauthenticated attackers to gain access using default credentials, posing a serious threat to the integrity and security of the system.

Unauthorized Access and Control; Data Breaches; System and Network Compromise; Operational Disruption; Increased Attack Surface; Social Engineering Risks.

The vulnerability can be exploited through the use of default credentials, exploiting unchanged configuration settings, network scanning for vulnerable systems, and social engineering to gain unauthorized access.

It is critical for users to change the default configuration settings of ROS2 nodes immediately. Implementing custom, strong credentials and reviewing all configuration settings to ensure they meet security best practices are essential steps in mitigating this vulnerability.

If immediate configuration changes are not feasible, heightened monitoring for unauthorized access and regular security audits of system settings are recommended. Users should also be educated about the risks of social engineering and the importance of maintaining secure configurations.

Confirmed and published.

Yash Patel and Dr. Parag Rughani

N/A