CVE-2024-45239
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-45239 affects Fort versions prior to 1.6.3. A malicious RPKI repository can supply a null eContent field, which Fort then dereferences without sanitizing the pointer first. The resulting crash of the Fort RPKI Relying Party makes Route Origin Validation unavailable, which can compromise routing integrity. Organizations running affected Fort versions are at risk: the availability impact is rated high, and the CVSS base score is 7.5. To remediate the issue, upgrade to version 1.6.3 or later. The attack vector is network-based with low complexity, and exploitation requires no user interaction or elevated privileges.
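The failure mode described above, as an added C example (not Fort's code and not part of the advisory): in CMS, eContent is an OPTIONAL field, so a decode can succeed and still leave the pointer NULL, and the consumer has to check it before use. The struct, function names and sample bytes are constructed for illustration, and the decoder assumes short-form DER lengths only.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified, hypothetical model of a decoded CMS EncapsulatedContentInfo.
 * eContent is OPTIONAL, so the decoder leaves the pointer NULL when it is absent. */
struct eci { const uint8_t *econtent; size_t econtent_len; };

/* Constructed samples: eContentType OID, with and without the [0] eContent. */
const uint8_t SAMPLE_OK[] = { 0x30,0x14, 0x06,0x0B,0x2A,0x86,0x48,0x86,0xF7,
    0x0D,0x01,0x09,0x10,0x01,0x18, 0xA0,0x05,0x04,0x03,0xAA,0xBB,0xCC };
const uint8_t SAMPLE_NO_ECONTENT[] = { 0x30,0x0D, 0x06,0x0B,0x2A,0x86,0x48,
    0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x18 };

/* Read one DER TLV with the expected tag (short-form lengths only). */
static int read_tlv(const uint8_t *buf, size_t len, uint8_t want_tag,
                    const uint8_t **val, size_t *vlen)
{
    if (len < 2 || buf[0] != want_tag || (buf[1] & 0x80) || buf[1] > len - 2)
        return -1;
    *val = buf + 2;
    *vlen = buf[1];
    return 0;
}

/* SEQUENCE { eContentType OID, eContent [0] EXPLICIT OCTET STRING OPTIONAL } */
static int decode_eci(const uint8_t *der, size_t len, struct eci *out)
{
    const uint8_t *seq, *oid, *wrap, *rest;
    size_t seq_len, oid_len, wrap_len, rest_len;
    out->econtent = NULL;
    out->econtent_len = 0;
    if (read_tlv(der, len, 0x30, &seq, &seq_len) != 0) return -1;
    if (read_tlv(seq, seq_len, 0x06, &oid, &oid_len) != 0) return -1;
    rest = oid + oid_len;
    rest_len = seq_len - (size_t)(rest - seq);
    if (rest_len == 0) return 0;   /* field absent: still a successful decode */
    if (read_tlv(rest, rest_len, 0xA0, &wrap, &wrap_len) != 0) return -1;
    return read_tlv(wrap, wrap_len, 0x04, &out->econtent, &out->econtent_len);
}

/* Hardened consumer: payload length, -1 if malformed, -2 if eContent is absent.
 * The unsafe pattern is reading eci.econtent[0] right after a successful decode. */
long econtent_len_checked(const uint8_t *der, size_t len)
{
    struct eci eci;
    if (decode_eci(der, len, &eci) != 0) return -1;
    if (eci.econtent == NULL) return -2;   /* sanitize before any dereference */
    return (long)eci.econtent_len;
}
```

The point to carry over is that a successful decode is not evidence that an optional field is present, so the NULL check belongs in the consumer, where the object can be rejected cleanly.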