Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2020-16163

An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent routing systems. NOTE: third parties assert that the behavior is intentionally permitted by RFC 8182
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.3%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
Products affected by CVE-2020-16163
  • Ripe » Rpki Validator 3 » Version: 3.0
    cpe:2.3:a:ripe:rpki_validator_3:3.0
  • Ripe » Rpki Validator 3 » Version: 3.1
    cpe:2.3:a:ripe:rpki_validator_3:3.1
  • Ripe » Rpki Validator 3 » Version: 3.1-2020.01.13.09.31.26
    cpe:2.3:a:ripe:rpki_validator_3:3.1-2020.01.13.09.31.26
  • Ripe » Rpki Validator 3 » Version: 3.1-2020.05.07.14.45
    cpe:2.3:a:ripe:rpki_validator_3:3.1-2020.05.07.14.45
  • Ripe » Rpki Validator 3 » Version: 3.1-2020.05.08.09
    cpe:2.3:a:ripe:rpki_validator_3:3.1-2020.05.08.09
  • Ripe » Rpki Validator 3 » Version: 3.1-2020.05.19
    cpe:2.3:a:ripe:rpki_validator_3:3.1-2020.05.19
  • Ripe » Rpki Validator 3 » Version: 3.1-2020.05.22.11.11
    cpe:2.3:a:ripe:rpki_validator_3:3.1-2020.05.22.11.11
  • Ripe » Rpki Validator 3 » Version: 3.1-2020.05.22.11.25
    cpe:2.3:a:ripe:rpki_validator_3:3.1-2020.05.22.11.25
  • Ripe » Rpki Validator 3 » Version: 3.1-2020.07.06.14.28
    cpe:2.3:a:ripe:rpki_validator_3:3.1-2020.07.06.14.28


Products
Pricing
Contact Us

Shodan ® - All rights reserved