9.8
CVE-2022-48198
- EPSS 1.09%
- Veröffentlicht 01.01.2023 07:15:10
- Zuletzt bearbeitet 11.04.2025 14:15:22
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled time_ref_topic parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ntpd Driver Project ≫ Ntpd Driver Version < 1.3.0
Ntpd Driver Project ≫ Ntpd Driver Version >= 2.0.0 < 2.2.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.09% | 0.609 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-668 Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
https://github.com/vooon/ntpd_driver/compare/1.2.0...1.3.0
https://github.com/vooon/ntpd_driver/compare/2.1.0...2.2.0
https://github.com/vooon/ntpd_driver/issues/9