CVE-2023-24010

Name of the Vulnerable Software and Affected Versions Data Distribution Service (DDS) (affected versions not specified)

Description The issue allows an attacker to compromise and gain full control of a secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate validation. This is due to a non-compliant implementation of permission document verification used by some DDS vendors, specifically an improper use of the OpenSSL PKCS7 verify function used to validate S/MIME signatures.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.