PT-2024-36729 · Fort

Job Snijders · Published 2024-12-18 · Updated 2025-04-22 · CVE-2024-56170

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Fort versions 1.6.4 and earlier (all releases before 2.0.0).

Description: A manifest rollback (replay) issue was discovered in the product. RPKI manifests list the files at a publication point that a relying party is expected to validate, and they carry the manifestNumber and thisUpdate fields, which indicate how recent a manifest is relative to other manifests from the same issuer. Fort does not compare these fields of the most recently fetched manifest against the manifest already in its cache, so a manifest that is valid on its own but older than the cached one is accepted, rolling the cache back to an earlier state. Route origin validation then runs on outdated data (for example, a ROA that the issuer has since withdrawn is treated as still present).

Recommendations: For Fort versions 1.6.4 and earlier (before 2.0.0), update to version 2.0.0 or later, which resolves the issue. As a temporary workaround, add a validation step that compares the manifestNumber and thisUpdate of a newly fetched manifest with the cached one and keeps the cached manifest when the fetched one is older. Limit the ability of untrusted parties to serve outdated manifests to the validator to reduce the risk of exploitation.
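The freshness comparison the description calls for, written as an added example in Python. It is not Fort's code and is not the fix shipped in 2.0.0; the `Manifest` type, the `check_rollback` and `is_stale` helpers, and the two sample manifests are all constructed here for illustration. Signature, hash and CRL checks are assumed to have passed already; the example only shows why a manifest that is valid in isolation and still inside its thisUpdate/nextUpdate window must nevertheless be refused when it is older than the cached one.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple


@dataclass(frozen=True)
class Manifest:
    """The RPKI manifest fields (RFC 9286) that matter for rollback detection.

    Signature validation, file hashes and the CRL are assumed to have been
    checked already; this example only covers the freshness comparison.
    """
    manifest_number: int         # manifestNumber: must increase on every re-issuance
    this_update: datetime        # thisUpdate: issuance time of this manifest
    next_update: datetime        # nextUpdate: manifest is stale after this time
    file_list: Tuple[str, ...]   # names of the listed objects (ROAs, certs, CRL)


def check_rollback(fetched: Manifest, cached: Optional[Manifest]) -> Tuple[bool, str]:
    """Decide whether a freshly fetched, otherwise-valid manifest may replace
    the cached one. Returns (accept, reason).

    A manifest that is valid on its own but older than what we already hold
    is a rollback and is refused; the cached manifest stays in use.
    """
    if cached is None:
        return True, "no cached manifest, accepting"
    if fetched.manifest_number < cached.manifest_number:
        return False, (f"rollback: manifestNumber {fetched.manifest_number} "
                       f"is lower than cached {cached.manifest_number}")
    if fetched.manifest_number == cached.manifest_number:
        # The issuer must not reuse a number; the only legitimate case is the
        # repository serving the exact manifest we already have.
        if fetched.this_update != cached.this_update:
            return False, "manifestNumber reused with a different thisUpdate"
        return True, "manifest unchanged"
    if fetched.this_update < cached.this_update:
        return False, "rollback: thisUpdate earlier than cached manifest"
    return True, "newer manifest accepted"


def is_stale(m: Manifest, now: datetime) -> bool:
    """True when `now` lies outside [thisUpdate, nextUpdate]."""
    return not (m.this_update <= now <= m.next_update)


def sample_manifests() -> Tuple[Manifest, Manifest]:
    """Constructed sample data: the issuer publishes manifest 10, then six hours
    later manifest 11, which withdraws AS64497.roa. Both share a 24h window."""
    t0 = datetime(2024, 12, 1, tzinfo=timezone.utc)
    day = timedelta(days=1)
    m_old = Manifest(10, t0, t0 + day, ("ca.crl", "AS64496.roa", "AS64497.roa"))
    m_new = Manifest(11, t0 + timedelta(hours=6), t0 + day, ("ca.crl", "AS64496.roa"))
    return m_old, m_new


def replay_scenario() -> dict:
    """The cache already holds manifest 11; the repository (or anyone able to
    serve the validator) then hands back manifest 10 again."""
    m_old, m_new = sample_manifests()
    now = m_new.this_update + timedelta(hours=2)

    # Behaviour the advisory describes: any valid manifest replaces the cache,
    # so the replayed m_old resurrects the withdrawn AS64497.roa.
    vulnerable_cache = m_old
    # Behaviour with the freshness comparison applied.
    accept, reason = check_rollback(m_old, cached=m_new)
    fixed_cache = m_old if accept else m_new

    return {
        "accepted": accept,
        "reason": reason,
        # The replayed manifest is still inside its validity window, so a
        # thisUpdate/nextUpdate check alone would not have caught it.
        "old_within_validity": not is_stale(m_old, now),
        "vulnerable_files": vulnerable_cache.file_list,
        "fixed_files": fixed_cache.file_list,
    }


if __name__ == "__main__":
    print(replay_scenario())
```

The important design point is that the comparison is against the cached manifest, not against the clock: the replayed manifest 10 passes every check a validator makes on a single object, including its validity window, and only the manifestNumber/thisUpdate comparison reveals that it is older than what the cache already trusts.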

Fix

Weakness Enumeration

Origin Validation Error

Related Identifiers

CVE-2024-56170

Affected Products

Debian
Fort