# NASA cFS 7.0.0 Code Execution Vulnerability Summary

### Vulnerability Overview

* **Vulnerability Type**: Deserialization Vulnerability / Arbitrary Code Execution
* **Affected Component**: NASA cFS Ground System (Python Backend)
* **Description**: An attacker can exploit a deserialization flaw by modifying a Python pickle payload in the `cFS Ground System`, injecting arbitrary Python code that runs during deserialization via the `__reduce__` method.
* **Trigger Mechanism**: The malicious code executes when an operator opens the corresponding command page in the Ground System GUI.
* **Attack Surface**: A malicious pickle payload as small as 62 bytes can execute arbitrary OS commands. The serialized data (command descriptors, parameters) consists solely of Python lists and strings, so nothing in the format requires pickle; JSON is a direct drop-in replacement.

### Impact Scope

* **Affected Files**:
  * `cFS-GroundSystem/Subsystem/cmd2GuiCmdCommands.py` (Lines 68–69, 170–178)
  * `cFS-GroundSystem/Subsystem/cmd2GuiCmdCommands.py` (Lines 71–72)
* **Attack Requirement**: The attacker must have write access to `CommandDir` or `ParameterDir` to modify pickle files.

### Remediation

* **Recommended Fix**: Replace pickle with JSON for serialization/deserialization.
* **Expected Behavior**: Command descriptor files should be deserialized from a safe format (e.g., JSON) that cannot express code execution.
* **Security Principle**: No pickle file should be loaded without integrity verification.
### Vulnerable Code Snippet

The following code snippet from `cmd2GuiCmdCommands.py` contains the core vulnerability:

```python
# cFS-GroundSystem/Subsystem/cmd2GuiCmdCommands.py (lines 68–69, 170–178)
import pickle

# pickle.load() reconstructs arbitrary objects from the file, so a crafted
# descriptor in CommandDir runs code as the operator when this page is opened.
with open(pickle_file, 'rb') as pickle_obj:
    cmd_desc, cmd_code, param_files = pickle.load(pickle_obj)

# cFS-GroundSystem/Subsystem/cmd2GuiCmdCommands.py (lines 71–72)
# (Code truncated in screenshot; the vulnerability lies in the above pickle.load usage)
```

### Proof of Concept

1. Craft a malicious pickle file using Python's `__reduce__` to invoke `os.system()` with an arbitrary command.
2. Place the file in the `CommandDir` of the cFS Ground System.
3. Launch the Ground System and navigate to the command page that loads the pickle file.
4. The embedded command executes with operator privileges — confirmed via creation of a harmless marker file.

*Proof-of-concept source and output available upon request.*
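The fix recommended under Remediation, worked through as an added example (this is not cFS Ground System code): the `pickle.load(pickle_obj)` line is replaced by a JSON loader that also enforces the "no load without integrity verification" principle. The descriptor shape `[cmd_desc, cmd_code, param_files]` (two strings and a list of strings) is inferred from the unpacking in the vulnerable snippet; the function names, the `{"descriptor": ..., "hmac": ...}` envelope, HMAC-SHA256 as the integrity mechanism, and the demo key are all assumptions of this example. The loader also refuses a legacy pickle file outright rather than silently falling back to it, which is the failure mode a migration from pickle to JSON must handle.

```python
"""JSON + HMAC replacement for the pickle.load() descriptor loader.

Added example, not part of the cFS Ground System. Assumed descriptor shape,
taken from the vulnerable snippet's unpacking: [cmd_desc, cmd_code, param_files]
with cmd_desc and cmd_code strings and param_files a list of strings.
Function names and the envelope layout are assumptions of this example.
"""
import hashlib
import hmac
import json
import pickle  # used only to build a legacy file for the demo below
from typing import Any, Dict, List, Tuple

Descriptor = Tuple[str, str, List[str]]

# Pickle protocol 2 and later begin with the PROTO opcode 0x80. Older
# protocols lack it but are not valid JSON, so they are refused anyway.
PICKLE_PROTO_OPCODE = b"\x80"


class DescriptorError(ValueError):
    """A descriptor file is a pickle, malformed, tampered with, or the wrong shape."""


def _canonical(obj: Any) -> bytes:
    """Deterministic JSON encoding so the HMAC is stable across writers."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def _validate_shape(obj: Any) -> Descriptor:
    """Enforce the exact types the GUI expects. JSON carries no code objects,
    but a schema check still keeps unexpected types out of the GUI."""
    if not isinstance(obj, list) or len(obj) != 3:
        raise DescriptorError("descriptor must be a 3-element list")
    cmd_desc, cmd_code, param_files = obj
    if not isinstance(cmd_desc, str) or not isinstance(cmd_code, str):
        raise DescriptorError("cmd_desc and cmd_code must be strings")
    if not isinstance(param_files, list) or not all(isinstance(p, str) for p in param_files):
        raise DescriptorError("param_files must be a list of strings")
    return cmd_desc, cmd_code, param_files


def encode_descriptor(cmd_desc: str, cmd_code: str, param_files: List[str], key: bytes) -> bytes:
    """Serialize a descriptor as the envelope {"descriptor": [...], "hmac": hex}."""
    descriptor = list(_validate_shape([cmd_desc, cmd_code, param_files]))
    tag = hmac.new(key, _canonical(descriptor), hashlib.sha256).hexdigest()
    return json.dumps({"descriptor": descriptor, "hmac": tag}, indent=2).encode("utf-8")


def decode_descriptor(data: bytes, key: bytes) -> Descriptor:
    """Parse an envelope, verify its HMAC, then check its shape. Never unpickles."""
    if data.startswith(PICKLE_PROTO_OPCODE):
        raise DescriptorError("refusing to load a pickle file; re-export the descriptor as JSON")
    try:
        envelope = json.loads(data.decode("utf-8"))
    except ValueError as exc:  # covers UnicodeDecodeError and json.JSONDecodeError
        raise DescriptorError(f"not valid JSON: {exc}") from exc
    if not isinstance(envelope, dict) or set(envelope) != {"descriptor", "hmac"}:
        raise DescriptorError("envelope must contain exactly 'descriptor' and 'hmac'")
    expected = hmac.new(key, _canonical(envelope["descriptor"]), hashlib.sha256).hexdigest()
    # Constant-time comparison, and verify before trusting the content at all.
    if not isinstance(envelope["hmac"], str) or not hmac.compare_digest(expected, envelope["hmac"]):
        raise DescriptorError("integrity check failed")
    return _validate_shape(envelope["descriptor"])


def load_command_descriptor(path: str, key: bytes) -> Descriptor:
    """Drop-in for the vulnerable `pickle.load(pickle_obj)` line."""
    with open(path, "rb") as fh:
        return decode_descriptor(fh.read(), key)


def rejection_reason(data: bytes, key: bytes) -> str:
    """'' if the bytes would load, otherwise why they were refused."""
    try:
        decode_descriptor(data, key)
    except DescriptorError as exc:
        return str(exc)
    return ""


def demo() -> Dict[str, Any]:
    """Constructed inputs: a good file, a tampered copy, a wrong key, a legacy pickle."""
    key = b"constructed-demo-key"  # constructed; keep a real key outside CommandDir
    good = encode_descriptor("No-op command", "NOOP", ["noop_params.json"], key)
    legacy = pickle.dumps(["No-op command", "NOOP", ["noop_params.json"]])
    return {
        "roundtrip": decode_descriptor(good, key),
        "tampered": rejection_reason(good.replace(b'"NOOP"', b'"RESET"'), key),
        "wrong_key": rejection_reason(good, b"some-other-key"),
        "legacy_pickle": rejection_reason(legacy, key),
        "garbage": rejection_reason(b"\x00\x01 not json", key),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The HMAC is computed over a canonical encoding of the descriptor rather than over the file bytes, so reformatting the JSON does not invalidate it, while any change to a command code or parameter file name does. Write access to `CommandDir` alone is then no longer enough to alter what the GUI loads; the attacker would also need the key, which is why it must not live in the same directory.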