Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.
The authentication mechanism in Eclipse Cyclone DDS improperly verifies the timestamp of TLS/X.509 certificates, which corresponds to CWE-298 classification (Improper Validation of Certificate Expiration). A network attacker, without requiring privileges or user interaction, can provide a certificate with an incorrect or manipulated timestamp that will be incorrectly accepted by the system. As a result, it is possible to bypass identity control mechanisms and execute arbitrary commands.
A remote, unauthenticated attacker can completely bypass certificate verification and gain the ability to execute commands with system privileges (privilege escalation to SYSTEM level), resulting in full compromise of the vulnerable DDS node.
Eclipse Cyclone DDS should be immediately updated to version 0.10.5 or later. If an immediate update is not possible, consider isolating DDS nodes at the network level (restricting access to trusted hosts only) as a temporary measure.
Eclipse Cyclone DDS versions prior to 0.10.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HEclipse Cyclone Data Distribution Service
APPEclipse< 0.10.5
Related vulnerabilities
An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memo...
A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscribe...
A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscribe...
An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Consol...
A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mech...