NASA Core Flight System (cFS) Health & Safety (HS) Application
Summary
A NULL Pointer Dereference vulnerability has been identified in NASA's Core Flight System (cFS) Health & Safety (HS) Application. Successful exploitation could allow an unauthenticated attacker to cause a denial-of-service condition by crashing the application.
IFF Assessment
The identified vulnerability allows for denial-of-service, which is a negative outcome for system availability and therefore bad news for defenders.
Severity
The CVSS score of 7.5 (HIGH) is derived from a network attack vector (AV:N), low complexity (AC:L), no privileges required (PR:N), no user interaction needed (UI:N), and no impact on confidentiality or integrity (C:N/I:N), but with a significant impact on availability (A:H).
Defender Context
This alert highlights a critical vulnerability in NASA's Core Flight System (cFS) HS Application, a component used in transportation systems worldwide. Defenders should be aware of potential DoS attacks targeting this system, especially given the lack of authentication or user interaction required for exploitation. Prompt patching to version 7.0.1 is strongly recommended.