CVE-2020-17366Improper Certificate Validation in Routinator

CWE-295Improper Certificate Validation3 documents3 sources
Severity
7.4HIGHNVD
EPSS
0.2%
top 51.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nlnetlabs Routinator
Timeline
PublishedAug 5
Latest updateMay 24

Description

An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate Revocation List files from the RPKI relying party's view.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 2.2 | Impact: 5.2

Affected Packages1 packages

NVDnlnetlabs/routinator0.1.00.7.1

🔴Vulnerability Details

2
GHSA
GHSA-fgpw-q4c2-rrgc: An issue was discovered in NLnet Labs Routinator 02022-05-24
CVEList
CVE-2020-17366: An issue was discovered in NLnet Labs Routinator 02020-08-05
CVE-2020-17366 — Improper Certificate Validation | cvebase