Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_regulated_pure_pursuit_controller.
The vulnerability results from incorrectly configured permissions in the nav2_regulated_pure_pursuit_controller module that is part of the navigation2 package for ROS2. An attacker can provide a specially crafted script that will be executed in the context of the navigation controller process. Lack of appropriate access restrictions allows malicious code to be executed without authentication and without user interaction.
An attacker can achieve full remote code execution (RCE) on the target system, potentially resulting in takeover of the robot or the entire ROS2 infrastructure, data disclosure, and violation of system integrity and availability.
Apply patches available from the vendor according to the references — the fix is in progress in the ros-navigation/navigation2 repository (pull request #4463). It is recommended to monitor the official project repository and implement the available update as soon as possible. Until patching is completed, restrict network access to ROS2 interfaces.
Open Robotics Robot Operating System 2 (ROS2) — navigation2 package in humble version
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOpenrobotics Robot Operating System
APPOpenrobotics2
Related vulnerabilities
Use-after-free w ROS2 Nav2 humble — zdalny exploit przez nav2_amcl
Heap overflow w procesie nav2_amcl systemu ROS2 Nav2
Use-after-free w ROS2 Nav2 — zdalny atak przez parametr /amcl z_rand
Use-after-free w ROS2 Nav2 humble poprzez proces nav2_amcl
Use-after-free w ROS2 Nav2 — zdalny atak przez zmianę parametru AMCL