CVE-2020-16164

Name of the Vulnerable Software and Affected Versions RIPE NCC RPKI Validator versions 3.x through 3.1-2020.07.06.14.28

Description The issue allows remote attackers to bypass intended access restrictions or cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate Revocation List files from the RPKI relying party's view. A vulnerability in RPKI manifest validation exists when objects on the manifest are hidden, or expired objects are replayed, which could prevent new ROAs from being received or selectively hide ROAs, causing routes to become INVALID. To exploit this vulnerability, an attacker would need to perform a man-in-the-middle attack on the TLS connection between the validator and an RRDP repository or perform a man-in-the-middle attack against a rsync-only repository.

Recommendations To address the vulnerability, update the RIPE NCC RPKI Validator to a version that implements validation methods from RFC 6486bis and enables strict validation by default. As a temporary workaround, consider restricting access to the RPKI relying party's view to minimize the risk of exploitation. Restrict the use of .roa files or X509 Certificate Revocation List files to prevent withholding of these files from the RPKI relying party's view.