Eclipse Cyclone DDS Time Certificate Bypass

CRITICAL (10.0) No Patch

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

Eclipse Cyclone DDS is a distributed systems platform that enables real-time communication between devices. The vulnerability in question allows attackers to bypass certificate checks and execute commands with System privileges by manipulating the time certificate.

Am I affected?

You're affected if you use Eclipse Cyclone DDS in a version with improper verification of the time certificate. Specific version info is not stated in the advisory. If you don't recognise this software, you're probably not affected.

Affected Products

Eclipse Foundation / Cyclone DDS

How to fix

Upgrade to Eclipse Cyclone DDS version 0.10.5 or later.
https://download.eclipse.org/cyclonedds/releases/0.10.5/

Immediate mitigations:
- Restrict network access to your Cyclone DDS instance (firewall it from the public internet)
- Audit system activity for suspicious access patterns
- Monitor for unauthorized command execution