{
"id": 926,
"title": "RVD#926: SROS2 leaks node information, regardless of rtps_protection_kind setup",
"type": "vulnerability",
"description": "We found that, regardless of the rtps_protection_kind configuration, SROS2 leaks ROS 2 node-related information. SROS2 provides the tools to generate and distribute keys for ROS 2 and to use the underlying DDS security plugins from ROS 2. This flaw follows from RVD#922 (https://github.com/aliasrobotics/RVD/issues/922) and exposes the underlying problem in the security tooling of ROS 2 that apparently leads to node information disclosure. At the time of reporting, this issue had been confirmed with the FastRTPS DDS implementation as the underlying communication middleware of ROS 2.",
"cwe": "CWE-200 (Information Exposure)",
"cve": "CVE-2019-19627",
"keywords": [
"Robot Operating System 2",
"ROS 2",
"eloquent",
"dashing"
],
"system": "ros2",
"vendor": "",
"severity": {
"rvss-score": 6.5,
"rvss-vector": "RVSS:1.0/AV:AN/AC:L/PR:N/UI:N/Y:Z/S:U/C:N/I:N/A:H/H:N",
"severity-description": "high",
"cvss-score": 7.5,
"cvss-vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"links": [
"https://ros-swg.github.io/ROSCon19_Security_Workshop/",
"https://github.com/ros-swg/turtlebot3_demo",
"https://github.com/aliasrobotics/RVD/issues/922",
"https://github.com/ros2/sros2/issues/172",
"https://asciinema.org/a/yuGkBlaPC33wqL4qABRlgxBkd"
],
"flaw": {
"phase": "runtime-operation",
"specificity": "ROS-specific",
"architectural-location": "platform code",
"application": "any ROS 2 node communicating",
"subsystem": "cognition:middleware",
"package": "sros2",
"languages": "Python",
"date-detected": null,
"detected-by": "Victor Mayoral Vilches and Lander Usategui San Juan (Alias Robotics)",
"detected-by-method": "runtime detection",
"date-reported": "2019-12-06",
"reported-by": "Victor Mayoral Vilches and Lander Usategui San Juan (Alias Robotics)",
"reported-by-relationship": "security researcher",
"issue": "https://github.com/aliasrobotics/RVD/issues/926",
"reproducibility": "always",
"trace": "N/A",
"reproduction": "https://asciinema.org/a/yuGkBlaPC33wqL4qABRlgxBkd",
"reproduction-image": "Not available"
},
"exploitation": {
"description": "This flaw can be exploited with a simple use of ros2cli. See https://asciinema.org/a/yuGkBlaPC33wqL4qABRlgxBkd for a walkthrough.",
"exploitation-image": "Not available",
"exploitation-vector": "Not available"
},
"mitigation": {
"description": "Mitigation is under ongoing discussion. For now, it is recommended to use static endpoints and avoid dynamic discovery to mitigate this flaw.",
"pull-request": "https://github.com/ros2/sros2/issues/172 (issue, not PR)",
"date-mitigation": ""
}
}