The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform.
The vulnerability results from improperly configured access permissions to resources in the memory management module of the cFS system. Insufficient restrictions allow an attacker to gain unauthorized access to sensitive operations of this module. Exploitation requires no authentication or user interaction, and the attack can be conducted remotely over the network.
An attacker can gain full control over the platform through remote code execution (RCE), resulting in loss of confidentiality, integrity, and availability of the system.
Patches available from the vendor should be applied in accordance with the references. Detailed information regarding available fixes can be found in the report published by VisionSpace at the address indicated in the references.
NASA cFS (Core Flight System) version Aquila
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNasa Core Flight System
APPNasa6.7.0
Related vulnerabilities
NASA cFS (Core Flight System) Aquila is vulnerable to segmentation fault via sending a malicious telecommand t...
In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that will preve...
NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override...
A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the fi...
A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/...