CVE-2022-24798 is a vulnerability affecting the Internet Routing Registry daemon (IRRd) version 4, specifically versions 4.2.0 up to but not including 4.2.3. IRRd is a server software that manages Internet Routing Registry (IRR) databases, which store routing policy objects in the Routing Policy Specification Language (RPSL) format. These IRR databases are critical infrastructure components used by network operators to publish and share routing policies and maintain accurate routing information. The vulnerability arises from improper removal of sensitive information before storage or transfer (CWE-212). Specifically, IRRd did not consistently filter out password hashes in query responses related to 'mntner' objects (maintainer objects that include authentication credentials) and during database exports. As a result, an attacker able to query an authoritative IRRd instance could retrieve password hashes. These hashes could then be subjected to offline brute-force attacks to recover the clear-text passphrases. With the recovered credentials, an adversary could make unauthorized modifications to IRR objects, potentially altering routing policies or injecting malicious routing information. This vulnerability only affects IRRd instances that serve authoritative databases and process password hashes; mirror-only instances are not impacted. The issue was fixed in IRRd version 4.2.3 and the main development branch. Versions in the 4.1.x series were never affected. There are no known workarounds, so upgrading to 4.2.3 or later is strongly recommended. No known exploits have been observed in the wild to date. The vulnerability impacts the confidentiality and integrity of IRR data and could indirectly affect network availability if routing policies are maliciously altered.

For European organizations, particularly Internet Service Providers (ISPs), network operators, and Internet Exchange Points (IXPs) that rely on IRRd authoritative instances to manage routing policies, this vulnerability poses a significant risk. Unauthorized access to maintainer credentials could allow attackers to modify routing objects, potentially leading to route hijacking, traffic interception, or denial of service through incorrect routing announcements. Such disruptions could affect critical infrastructure, financial institutions, government networks, and large enterprises dependent on stable and secure Internet routing. The impact on confidentiality arises from exposure of password hashes, while integrity is compromised by the possibility of unauthorized changes to IRR objects. Availability could be indirectly affected if routing disruptions occur. Given the central role of IRR in Internet routing security, exploitation could have cascading effects on network trust and stability across European networks. However, the vulnerability requires access to authoritative IRRd instances, which may limit the scope to organizations operating these servers. Mirror-only IRRd instances, commonly used for read-only purposes, are not affected, somewhat reducing the overall exposure.

The primary and only effective mitigation is to upgrade all affected IRRd authoritative instances to version 4.2.3 or later, where the vulnerability has been fixed. Organizations should audit their IRRd deployments to identify any instances running versions >=4.2.0 and <4.2.3 and prioritize patching. Since no workarounds exist, patch management is critical. Additionally, organizations should review access controls to IRRd query interfaces to restrict queries to trusted users and networks, minimizing the risk of unauthorized hash retrieval. Monitoring and logging of IRRd queries can help detect unusual access patterns indicative of reconnaissance or exploitation attempts. Network operators should also verify the integrity of their IRR objects post-patch to ensure no unauthorized changes have occurred. Employing strong, complex passwords for maintainer objects reduces the risk of successful brute-force attacks on any exposed hashes. Finally, organizations should consider implementing additional routing security measures such as Resource Public Key Infrastructure (RPKI) validation and BGP Origin Validation to mitigate the impact of potential IRR data tampering.