PT-2020-14928 · Nlnet · Routinator
Published: 2020-08-05 · Updated: 2023-01-27 · CVE-2020-17366
CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
NLnet Labs Routinator versions 0.1.0 through 0.7.1
Description
An issue allows remote attackers to bypass intended access restrictions or cause a denial of service on dependent routing systems. This is achieved by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate Revocation List files from the RPKI relying party's view.
Recommendations
For versions 0.1.0 through 0.7.1, ensure that all necessary RPKI Route Origin Authorisation ".roa" files and X509 Certificate Revocation List files are properly accessible to the RPKI relying party to prevent access restrictions bypass or denial of service.
Weakness Enumeration
Improper Certificate Validation
Affected Products
Routinator