9.8
CVSSv3

CVE-2024-41647

CVSSv4: NA | CVSSv3: 9.8 | CVSSv2: NA | VMScore: 1000 | EPSS: 0.00063 | KEV: Not Included
Published: 06/12/2024 Updated: 13/12/2024

Vulnerability Summary

Arbitrary Code Execution via Insecure Permissions in ROS2 Navigation2

An insecure permissions vulnerability is found in Open Robotics Robotic Operating System 2 ROS2 navigation2 version humble. It allows attackers to run arbitrary code. This can be done by sending a crafted script to the nav2_mppi_controller.

Vulnerable Product Search on Vulmon Subscribe to Product

openrobotics robot operating system 2