RPKI Validator Access Restriction Bypass and Denial of Service Vulnerability

RPKI Validator Access Restriction Bypass and Denial of Service Vulnerability

CVE-2020-16164 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate Revocation List files from the RPKI relying party's view. NOTE: some third parties may regard this as a preferred behavior, not a vulnerability

Learn more about our Web Application Penetration Testing UK.