PT-2020-14784 · Ripe Ncc · Ripe Ncc Rpki Validator
Published: 2020-07-30 · Updated: 2024-08-04 · CVE-2020-16162
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
RIPE NCC RPKI Validator versions 3.x through 3.1-2020.07.06.14.28
Description
An issue was discovered in the X509-based RPKI certificate-tree validation procedure, where missing validation checks on CRL presence or CRL staleness allow remote attackers to bypass intended access restrictions by using revoked certificates. This issue may have implications related to backwards compatibility.
Recommendations
For versions 3.x through 3.1-2020.07.06.14.28, consider implementing additional validation checks on CRL presence or CRL staleness in the X509-based RPKI certificate-tree validation procedure to prevent the use of revoked certificates. As a temporary workaround, restrict access to the certificate-tree validation procedure until a patch is available.
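The difference between skipping and enforcing the CRL presence and staleness checks can be modelled as follows. This is an added example, not code from the RIPE NCC RPKI Validator or from this advisory; the `Crl` class, both check functions and the sample data are hypothetical and constructed for illustration, and real CRL parsing and signature verification are out of scope.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import FrozenSet, Optional, Tuple

@dataclass(frozen=True)
class Crl:
    """Simplified model: only the CRL fields the revocation decision needs."""
    this_update: datetime
    next_update: datetime
    revoked_serials: FrozenSet[int]

def lenient_check(serial: int, crl: Optional[Crl], now: datetime) -> Tuple[bool, str]:
    """Models the weakness: CRL absence and staleness are not checked."""
    if crl is not None and serial in crl.revoked_serials:
        return False, "revoked"
    return True, "accepted"

def strict_check(serial: int, crl: Optional[Crl], now: datetime) -> Tuple[bool, str]:
    """Fail closed: accept only against a CRL that is present and current."""
    if crl is None:
        return False, "crl-missing"
    if now < crl.this_update:
        return False, "crl-not-yet-valid"
    if now > crl.next_update:
        return False, "crl-stale"
    if serial in crl.revoked_serials:
        return False, "revoked"
    return True, "accepted"

# Constructed sample data: serial 0x2A was revoked after STALE was issued.
NOW = datetime(2020, 7, 30, 12, 0, tzinfo=timezone.utc)
DAY = timedelta(days=1)
STALE = Crl(NOW - 10 * DAY, NOW - 9 * DAY, frozenset())
CURRENT = Crl(NOW - DAY / 2, NOW + DAY / 2, frozenset({0x2A}))
CASES = {"no CRL": None, "stale CRL": STALE, "current CRL": CURRENT}

def compare(serial: int = 0x2A):
    """Return {case: (lenient verdict, strict verdict)} for one serial."""
    return {name: (lenient_check(serial, crl, NOW), strict_check(serial, crl, NOW))
            for name, crl in CASES.items()}

if __name__ == "__main__":
    for name, (lenient, strict) in compare().items():
        print(f"{name:12} lenient={lenient[1]:9} strict={strict[1]}")
```

Only the strict variant rejects the revoked serial in all three cases; the lenient variant rejects it only when a current CRL happens to be available.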
Fix
Improper Certificate Validation
Weakness Enumeration
Related Identifiers
Affected Products
Ripe Ncc Rpki Validator