Vulnerabilities > CVE-2019-15136 - Missing Authorization vulnerability in Eprosima Fast-Rtps

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

eprosima

CWE-862

NVD

Published: 2019-08-18

Updated: 2020-08-24

Summary

The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition permissions from remote participant connections, which can lead to policy bypass for a secure Data Distribution Service (DDS) partition.

Vulnerable Configurations

Part	Description	Count
Application	Eprosima Eprosima Fast Rtps 0.3.0 Eprosima Fast Rtps 0.3.1 Eprosima Fast Rtps 0.4.0 Eprosima Fast Rtps 0.5.0 Eprosima Fast Rtps 0.5.1 Eprosima Fast Rtps 0.5.2 Eprosima Fast Rtps 1.0.0 Eprosima Fast Rtps 1.0.6 Eprosima Fast Rtps 1.1.0 Eprosima Fast Rtps 1.2.0 Eprosima Fast Rtps 1.3.0 Eprosima Fast Rtps 1.3.1 Eprosima Fast Rtps 1.4.0 Eprosima Fast Rtps 1.5.0 Eprosima Fast Rtps 1.6.0 Eprosima Fast Rtps 1.7.0 Eprosima Fast Rtps 1.7.1 Eprosima Fast Rtps 1.7.2 Eprosima Fast Rtps 1.7.3 Eprosima Fast Rtps 1.8.0 Eprosima Fast Rtps 1.8.0-2 Eprosima Fast Rtps 1.8.1 Eprosima Fast Rtps 1.8.2 Eprosima Fast Rtps 1.8.3 Eprosima Fast Rtps 1.8.4 Eprosima Fast Rtps 1.8.5 Eprosima Fast Rtps 1.9.0	29

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References