Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PX4 Autopilot MAVLink FTP Session Validation Logic Error Allows Operations on Invalid File Descriptors
Vulnerability Description
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect boolean logic (&& instead of ||), allowing BurstReadFile and WriteFile operations to proceed with invalid sessions or closed file descriptors. This enables an unauthenticated attacker to put the FTP subsystem into an inconsistent state, trigger operations on invalid file descriptors, and bypass session isolation checks. This vulnerability is fixed in 1.17.0-rc2.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
控制流实现总是不正确
Vulnerability Title
PX4-Autopilot 安全漏洞
Vulnerability Description
PX4-Autopilot是PX4 Autopilot开源的一个无人机自动驾驶系统。 PX4-Autopilot 1.17.0-rc2之前版本存在安全漏洞,该漏洞源于PX4 Autopilot MAVLink FTP会话验证中存在逻辑错误,可能导致未经验证的攻击者使FTP子系统进入不一致状态并绕过会话隔离检查。
CVSS Information
N/A
Vulnerability Type
N/A