CVE-2024-45235

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 24, 2024
Updated: Aug 26, 2024
CWE ID 476

Summary

CVE-2024-45235 affects Fort versions prior to 1.6.3 and can be exploited through a malicious RPKI repository associated with a trusted Trust Anchor. Such a repository can serve a resource certificate whose Authority Key Identifier extension lacks the required keyIdentifier field. Fort, acting as an RPKI Relying Party, then dereferences the resulting pointer without checking it (CWE-476, NULL pointer dereference). As a consequence, Route Origin Validation can become unavailable, potentially resulting in compromised routing within the network. To remediate, update Fort to version 1.6.3 or later. The CVSS base score of 7.5 (high) reflects the potential impact on availability and the fact that exploitation requires no user interaction.
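The bug class described above, as an added example that is not Fort's source code: a model of a decoded Authority Key Identifier whose optional keyIdentifier may be NULL, with the unchecked use beside a hardened check. The struct and function names, the sample bytes, and the comparison against the parent's Subject Key Identifier are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a decoded AKI extension; not Fort's data structures.
 * keyIdentifier is OPTIONAL in the ASN.1, so a decoder leaves it NULL when absent. */
struct octets { const unsigned char *data; size_t len; };
struct aki_ext { const struct octets *key_identifier; };

enum aki_result { AKI_OK, AKI_NO_EXTENSION, AKI_NO_KEYID, AKI_MISMATCH };

/* Bug class from the summary (CWE-476): the field is used without a presence
 * check, so a NULL key_identifier crashes the process. Never called here. */
int aki_matches_unchecked(const struct aki_ext *aki, const struct octets *parent_ski)
{
    return aki->key_identifier->len == parent_ski->len &&
           memcmp(aki->key_identifier->data, parent_ski->data, parent_ski->len) == 0;
}

/* Hardened form: every optional pointer is tested, so a malformed certificate
 * becomes a per-object rejection instead of a validator crash. */
enum aki_result aki_check(const struct aki_ext *aki, const struct octets *parent_ski)
{
    if (aki == NULL)
        return AKI_NO_EXTENSION;
    if (aki->key_identifier == NULL || aki->key_identifier->data == NULL)
        return AKI_NO_KEYID;
    if (aki->key_identifier->len != parent_ski->len ||
        memcmp(aki->key_identifier->data, parent_ski->data, parent_ski->len) != 0)
        return AKI_MISMATCH;
    return AKI_OK;
}

/* Constructed sample inputs. */
static const unsigned char SKI_BYTES[] = { 0x01, 0x02, 0x03, 0x04 };
static const unsigned char OTHER_BYTES[] = { 0x01, 0x02, 0x03, 0x05 };
static const struct octets PARENT_SKI = { SKI_BYTES, sizeof SKI_BYTES };
static const struct octets GOOD_KEYID = { SKI_BYTES, sizeof SKI_BYTES };
static const struct octets WRONG_KEYID = { OTHER_BYTES, sizeof OTHER_BYTES };

enum aki_result demo_good(void)     { struct aki_ext a = { &GOOD_KEYID };  return aki_check(&a, &PARENT_SKI); }
enum aki_result demo_wrong(void)    { struct aki_ext a = { &WRONG_KEYID }; return aki_check(&a, &PARENT_SKI); }
enum aki_result demo_no_keyid(void) { struct aki_ext a = { NULL };         return aki_check(&a, &PARENT_SKI); }
enum aki_result demo_no_ext(void)   { return aki_check(NULL, &PARENT_SKI); }

int main(void)
{
    printf("good=%d wrong=%d no_keyid=%d no_ext=%d\n",
           demo_good(), demo_wrong(), demo_no_keyid(), demo_no_ext());
    return 0;
}
```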
