CVE-2024-45236

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 24, 2024
Updated: Aug 27, 2024

Summary

CVE-2024-45236 affects multiple versions of Fort prior to 1.6.3, where a vulnerability exists due to the handling of signed objects from a malicious RPKI repository with an empty signedAttributes field. This flaw allows Fort, acting as an RPKI Relying Party, to access elements without proper sanitization, potentially leading to system crashes and Route Origin Validation unavailability. The severity rating for this vulnerability is classified as high, with an availability impact score of 7.5 and an exploitability score of 3.9, indicating it can be exploited via network attacks without requiring user interaction or special privileges. Organizations using the affected Fort products should implement patches provided in third-party advisories to remediate this vulnerability and safeguard their routing infrastructure against possible compromises. Failure to address this issue could result in significant disruptions in network operations due to compromised routing integrity.
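The class of check the summary says was missing can be sketched as follows: confirm that a DER-encoded signedAttributes set is well formed and non-empty before anything reads its elements. This is an added example, not Fort's code or its patch. The function names are hypothetical, the field is assumed to arrive as its own buffer with the CMS SignerInfo tag 0xA0, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read a DER tag+length at buf[*pos]; 0 on success, -1 if truncated or out of bounds. */
static int der_header(const uint8_t *buf, size_t len, size_t *pos,
                      uint8_t *tag, size_t *vlen)
{
    if (len - *pos < 2) return -1;
    *tag = buf[(*pos)++];
    size_t n = buf[(*pos)++];
    *vlen = n;                                   /* short form: length is n itself */
    if (n >= 0x80) {                             /* long form: n & 0x7f length octets */
        n &= 0x7f;
        if (n == 0 || n > sizeof(size_t) || len - *pos < n) return -1;
        for (*vlen = 0; n > 0; n--) *vlen = (*vlen << 8) | buf[(*pos)++];
    }
    return *vlen <= len - *pos ? 0 : -1;         /* value must fit in the buffer */
}

/* Count Attribute SEQUENCEs in signedAttrs (tag 0xA0); -1 if malformed. */
int signed_attrs_count(const uint8_t *buf, size_t len)
{
    size_t pos = 0, vlen;
    uint8_t tag;
    int count = 0;
    if (der_header(buf, len, &pos, &tag, &vlen) || tag != 0xA0) return -1;
    if (pos + vlen != len) return -1;            /* reject trailing bytes */
    for (; pos < len; pos += vlen, count++)      /* each element must be a SEQUENCE */
        if (der_header(buf, len, &pos, &tag, &vlen) || tag != 0x30) return -1;
    return count;
}

int signed_attrs_usable(const uint8_t *buf, size_t len)
{
    return signed_attrs_count(buf, len) >= 1;    /* gate: call before indexing the set */
}

/* Constructed sample inputs (hypothetical, not taken from any real repository). */
static const uint8_t EMPTY[] = { 0xA0, 0x00 };                  /* empty set */
static const uint8_t ONE[]   = { 0xA0, 0x07, 0x30, 0x05, 0x06, 0x01, 0x2A, 0x31, 0x00 };
static const uint8_t TRUNC[] = { 0xA0, 0x05, 0x30 };            /* length overruns buffer */

int main(void)
{
    printf("%d %d %d\n", signed_attrs_count(EMPTY, sizeof EMPTY),
           signed_attrs_count(ONE, sizeof ONE), signed_attrs_count(TRUNC, sizeof TRUNC));
    return 0;
}
```

An empty set parses cleanly and returns a count of 0, so the non-empty gate is a separate check from the malformed-input check.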
