CVE-2023-50257
CVSS 3.1 Score 9.6 of 10 (high)
Details
Summary
CVE-2023-50257 is a vulnerability affecting eProsima Fast DDS (Fast RTPS), a C++ implementation of the Data Distribution Service standard. The data and `guid` values used to disconnect nodes from each other are not encrypted, which lets an attacker forcibly disconnect a Subscriber and prevent it from reconnecting. This can cause all Subscribers connected to the Publisher to stop receiving data and lose their connection. Continuous transmission of the disconnection packet can also prevent new Subscribers from connecting. The Disconnect Vulnerability in RTPS Packets has been present since the initial commit of the `SecurityManager.cpp` code in 2016, impacting versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7 of Fast DDS.