PT-2024-23575 · Ros2 · Ros2

Published: 2024-04-09 · Updated: 2024-05-27 · CVE-2024-30696

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions

ROS2 Galactic Geochelone versions 2

Description

A remote code execution issue exists due to an OS command injection vulnerability in the command processing or system call components of ROS2, including External Command Execution Modules, System Call Handlers, and Interface Scripts. This allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information.

Recommendations

For ROS2 Galactic Geochelone version 2, consider disabling the External Command Execution Modules, System Call Handlers, and Interface Scripts as a temporary workaround until a patch is available. Restrict access to the system call components to minimize the risk of exploitation. Avoid using the command processing components in ROS2 until the issue is resolved.

Related Identifiers

CVE-2024-30696

Affected Products

Ros2