CVE-2020-17366

HIGH

NLnet Labs Routinator <0.7.1 - Auth Bypass/DoS

Title source: llm
STIX 2.1

Description

An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate Revocation List files from the RPKI relying party's view.

References (2)

Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/NLnetLabs/routinator/issues/319
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/NLnetLabs/routinator/releases/tag/v0.8.0

Scores

CVSS v3 7.4
EPSS 0.0075
EPSS Percentile 50.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Details

CWE
CWE-295
Status published
Products (1)
nlnetlabs/routinator 0.1.0 - 0.7.1
Published Aug 05, 2020
Tracked Since Feb 18, 2026