Skip to content

RVD#3315: Cleartext transmission of sensitive information in MAVLink protocol version 1.0 and 2.0 #3315

New issue
New issue
Open
Open
RVD#3315: Cleartext transmission of sensitive information in MAVLink protocol version 1.0 and 2.0#3315
Labels
components softwareVulnerabilities in purely software robot components (e.g. a the ROS navigation stack)robot component: Ardupilotrobot component: MAVLinkrobot component: PX4severity: high7.0 - 8.9version: 1.0version: 2.0vulnerability
@vmayoral

Description

@vmayoral
vmayoral
opened on Jun 30, 2020
id: 3315
title: 'RVD#3315: Cleartext transmission of sensitive information in MAVLink protocol version 1.0 and 2.0'
type: vulnerability
description:  This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol
  and allows a remote attacker to gain access to sensitive information provided it has
  access to the communication medium. MAVLink is a header-based protocol that does 
  not perform encryption to improve transfer (and reception speed) and efficiency by 
  design. The increasing popularity of the protocol (used accross different autopilots) 
  has led to its use in wired and wireless mediums through insecure communication 
  channels exposing sensitive information to a remote attacker with ability to intercept 
  network traffic.
cwe: CWE-319
cve: CVE-2020-10281
keywords:
- MAVLink
- v1.0
- v2.0
- PX4
- Ardupilot
system: "MAVLink: v2.0 and before"
vendor: "PX4"
severity:
  rvss-score: 7.3
  rvss-vector: RVSS:1.0/AV:AN/AC:L/PR:N/UI:N/S:U/Y:T/C:H/I:N/A:N/H:N
  severity-description: high
  cvss-score: 7.5
  cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
links:
- https://arxiv.org/abs/1906.10641
- https://arxiv.org/abs/1905.00265
- https://docs.google.com/document/d/1ETle6qQRcaNWAmpG2wz0oOpFKSF_bcTmYMQvtTGI8ns/edit
- https://docs.google.com/document/d/1upZ_KnEgK3Hk1j0DfSHl9AdKFMoSqkAQVeK8LsngvEU/edit
- https://docs.google.com/document/d/1XtbD0ORNkhZ8eKrsbSIZNLyg9sFRXMXbsR2mp37KbIg/edit
flaw:
  phase: unknown
  specificity: subject-specific
  architectural-location: platform code
  application: Flying vehicles and/or others using MAVLink protocol.
  subsystem: communication
  package: N/A
  languages: C, C++
  date-detected: 
  detected-by: 
  detected-by-method: testing
  date-reported: '2020-06-30'
  reported-by: "Victor Mayoral Vilches (Alias Robotics)"
  reported-by-relationship: security researcher
  issue: https://github.com/aliasrobotics/RVD/issues/3315
  reproducibility: always
  trace: N/A
  reproduction: N/A
  reproduction-image: N/A
exploitation:
  description: Not available
  exploitation-image: Not available
  exploitation-vector: Not available
  exploitation-recipe: ''
mitigation:
  description: See https://arxiv.org/abs/1905.00265 for a first approach though not source code was found at the time of reporting.
  pull-request: N/A
  date-mitigation: null

Metadata

Metadata

Assignees

No one assigned

    Labels

    components softwareVulnerabilities in purely software robot components (e.g. a the ROS navigation stack)robot component: Ardupilotrobot component: MAVLinkrobot component: PX4severity: high7.0 - 8.9version: 1.0version: 2.0vulnerability

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions