CVE-2023-41627

O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing tables it receives, potentially allowing attackers to send forged routing tables to the device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
o-ran-scric_message_router
4.9.0
𝑥
= Vulnerable software versions
References
https://jira.o-ran-sc.org/browse/RIC-1001
https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html
https://jira.o-ran-sc.org/browse/RIC-1001
https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html