Products
RTI Connext Professional
- 5.3.1 - 6.1.0 before 6.1.1
Source
cve@mitre.org
Tags
CVE-2024-25724 details
Last Modified : May 21, 2024, 7:15 p.m.
Description
In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service allows attackers to execute code with the affected service's privileges, compromise the service's integrity, leak sensitive information, or crash the service. These attacks could be done via a remote malicious RTPS message; a compromised call with malicious parameters to the RTI_RoutingService_new, rti::recording::Service, RTI_QueuingService_new, or RTI_CDS_Service_new public APIs; or a compromised local file system containing a malicious XML file.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7.3 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.3
Exploitability Score
Impact Score
Base Severity
HIGH
Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
References
URL | Source |
---|---|
https://community.rti.com/static/documentation/connext-dds/current/doc/vulnerabilities/index.html#cve-2024-25724 | cve@mitre.org |