CVE-2019-15137

EUVD-2019-6205
The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings (instead of the permission expressions themselves), which can lead to unintended connections between participants in a Data Distribution Service (DDS) network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Affected Products (NVD)
VendorProductVersion
eprosimafast-rtps
𝑥
≤ 1.9.0
𝑥
= Vulnerable software versions
References
https://arxiv.org/abs/1908.05310
https://github.com/eProsima/Fast-RTPS/issues/441
https://arxiv.org/abs/1908.05310
https://github.com/eProsima/Fast-RTPS/issues/441