PT-2023-28007 · O Ran Software Community · Ric-Plt-Lib-Rmr

Published: 2023-09-01 · Updated: 2023-12-14 · CVE-2023-41627

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

O-RAN Software Community ric-plt-lib-rmr version 4.9.0

Description

The issue is related to the lack of validation of the source of routing tables received by the device, potentially allowing attackers to send forged routing tables. This could lead to unauthorized modifications of the device's routing configuration.

Recommendations

For version 4.9.0, consider implementing source validation for routing tables to prevent forged updates until a patch is available. As a temporary workaround, restrict access to the routing table update mechanism to minimize the risk of exploitation.

Fix

Related Identifiers

CVE-2023-41627

Affected Products

Ric-Plt-Lib-Rmr