CVE-2024-45238

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 24, 2024
Updated: Aug 26, 2024
CWE ID 476

Summary

CVE-2024-45238 is a vulnerability affecting Fort versions prior to 1.6.3. It can be exploited through a malicious RPKI repository that improperly serves a resource certificate, leading to a null pointer dereference. The issue arises when OpenSSL, specifically versions below 3, fails to report the parsing problem, which can crash Fort, an RPKI Relying Party. The vulnerability poses a high risk because such crashes can disrupt Route Origin Validation, thereby compromising network routing availability. Organizations using affected products (identified as x-PQLf, x-PInm, and x-PInn) should upgrade to Fort version 1.6.3 or later as a remediation step. The base severity rating is high (7.5), with an exploitability score of 3.9, indicating low complexity but significant impact on availability.
