CVE-2024-5684 (GCVE-0-2024-5684)
Vulnerability from cvelistv5 – Published: 2024-06-06 12:54 – Updated: 2024-08-01 21:18
VLAI
Title
ID Charger Connect & Pro - JWT-Null-Algorithm
Summary
An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept "none"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Volkswagen Group Charging GmbH - Elli, EVBox | ID Charger Connect & Pro |
Affected:
SPR3.2B
Affected: SPR3.51 Affected: SPR3.52 |
|
| volkswagen_group_charging_gmbh_elli_evbox | id_charger_connect_and_pro |
Affected:
spr3.2b
cpe:2.3:a:volkswagen_group_charging_gmbh_elli_evbox:id_charger_connect_and_pro:spr3.2b:*:*:*:*:*:*:* |
|
| volkswagen_group_charging_gmbh_elli_evbox | id_charger_connect_and_pro |
Affected:
spr3.51
cpe:2.3:a:volkswagen_group_charging_gmbh_elli_evbox:id_charger_connect_and_pro:spr3.51:*:*:*:*:*:*:* |
|
| volkswagen_group_charging_gmbh_elli_evbox | id_charger_connect_and_pro |
Affected:
spr3.52
cpe:2.3:a:volkswagen_group_charging_gmbh_elli_evbox:id_charger_connect_and_pro:spr3.52:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:volkswagen_group_charging_gmbh_elli_evbox:id_charger_connect_and_pro:spr3.2b:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "id_charger_connect_and_pro",
"vendor": "volkswagen_group_charging_gmbh_elli_evbox",
"versions": [
{
"status": "affected",
"version": "spr3.2b"
}
]
},
{
"cpes": [
"cpe:2.3:a:volkswagen_group_charging_gmbh_elli_evbox:id_charger_connect_and_pro:spr3.51:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "id_charger_connect_and_pro",
"vendor": "volkswagen_group_charging_gmbh_elli_evbox",
"versions": [
{
"status": "affected",
"version": "spr3.51"
}
]
},
{
"cpes": [
"cpe:2.3:a:volkswagen_group_charging_gmbh_elli_evbox:id_charger_connect_and_pro:spr3.52:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "id_charger_connect_and_pro",
"vendor": "volkswagen_group_charging_gmbh_elli_evbox",
"versions": [
{
"status": "affected",
"version": "spr3.52"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T13:27:31.304336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T13:40:30.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:06.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ID Charger Connect \u0026 Pro",
"vendor": "Volkswagen Group Charging GmbH - Elli, EVBox",
"versions": [
{
"status": "affected",
"version": "SPR3.2B"
},
{
"status": "affected",
"version": "SPR3.51"
},
{
"status": "affected",
"version": "SPR3.52"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Anna Breeva (PCAutomotive)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept \"none\"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism."
}
],
"value": "An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept \"none\"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345 Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T12:54:09.480Z",
"orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
"shortName": "ASRG"
},
"references": [
{
"url": "https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ID Charger Connect \u0026 Pro - JWT-Null-Algorithm",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
"assignerShortName": "ASRG",
"cveId": "CVE-2024-5684",
"datePublished": "2024-06-06T12:54:09.480Z",
"dateReserved": "2024-06-06T12:47:48.760Z",
"dateUpdated": "2024-08-01T21:18:06.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-5684",
"date": "2026-06-12",
"epss": "0.00023",
"percentile": "0.06816"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vw:id.charger_connect_firmware:spr3.2:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"7EC6FAEB-299C-4B80-86DC-DCF360112634\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vw:id.charger_connect_firmware:spr3.51:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38C5905C-1F7A-4747-8983-F40270C34A17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vw:id.charger_connect_firmware:spr3.52:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25691151-74B1-4B0D-BFDD-AE683B5C50C1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vw:id.charger_connect:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96237641-90A5-4382-96DF-52A7BDAC1F81\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vw:id.charger_pro_firmware:spr3.2:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"1977125C-AF1C-41EF-86A1-CF4549F22EF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vw:id.charger_pro_firmware:spr3.51:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F73F41A-6D43-4743-A8F2-F13A2C351AAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vw:id.charger_pro_firmware:spr3.52:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A391298-4342-4A2D-B16B-77AC8FDD09F9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:vw:id.charger_pro:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2DBD3C1-5775-474D-BAD0-A1775DC80326\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept \\\"none\\\"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism.\"}, {\"lang\": \"es\", \"value\": \"Un atacante con acceso a la red privada (a la que est\\u00e1 conectado el cargador) o acceso local a la interfaz Ethernet puede explotar una implementaci\\u00f3n defectuosa de la librer\\u00eda JWT para omitir la autenticaci\\u00f3n de contrase\\u00f1a en la interfaz de configuraci\\u00f3n web y luego tener acceso completo como lo habr\\u00eda hecho el usuario. Sin embargo, un atacante no tendr\\u00e1 derechos de desarrollador ni de administrador. Si la implementaci\\u00f3n de la librer\\u00eda JWT est\\u00e1 configurada incorrectamente para aceptar algoritmos \\\"ninguno\\\", el servidor pasar\\u00e1 JWT inseguro. Un atacante local no autenticado puede aprovechar esta vulnerabilidad para eludir el mecanismo de autenticaci\\u00f3n.\"}]",
"id": "CVE-2024-5684",
"lastModified": "2024-11-21T09:48:09.440",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"cve@asrg.io\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2024-06-06T13:15:32.027",
"references": "[{\"url\": \"https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/\", \"source\": \"cve@asrg.io\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@asrg.io",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"cve@asrg.io\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-345\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-345\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-5684\",\"sourceIdentifier\":\"cve@asrg.io\",\"published\":\"2024-06-06T13:15:32.027\",\"lastModified\":\"2024-11-21T09:48:09.440\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept \\\"none\\\"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism.\"},{\"lang\":\"es\",\"value\":\"Un atacante con acceso a la red privada (a la que est\u00e1 conectado el cargador) o acceso local a la interfaz Ethernet puede explotar una implementaci\u00f3n defectuosa de la librer\u00eda JWT para omitir la autenticaci\u00f3n de contrase\u00f1a en la interfaz de configuraci\u00f3n web y luego tener acceso completo como lo habr\u00eda hecho el usuario. Sin embargo, un atacante no tendr\u00e1 derechos de desarrollador ni de administrador. Si la implementaci\u00f3n de la librer\u00eda JWT est\u00e1 configurada incorrectamente para aceptar algoritmos \\\"ninguno\\\", el servidor pasar\u00e1 JWT inseguro. Un atacante local no autenticado puede aprovechar esta vulnerabilidad para eludir el mecanismo de autenticaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@asrg.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"cve@asrg.io\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vw:id.charger_connect_firmware:spr3.2:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EC6FAEB-299C-4B80-86DC-DCF360112634\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vw:id.charger_connect_firmware:spr3.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38C5905C-1F7A-4747-8983-F40270C34A17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vw:id.charger_connect_firmware:spr3.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25691151-74B1-4B0D-BFDD-AE683B5C50C1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vw:id.charger_connect:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96237641-90A5-4382-96DF-52A7BDAC1F81\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vw:id.charger_pro_firmware:spr3.2:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"1977125C-AF1C-41EF-86A1-CF4549F22EF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vw:id.charger_pro_firmware:spr3.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F73F41A-6D43-4743-A8F2-F13A2C351AAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vw:id.charger_pro_firmware:spr3.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A391298-4342-4A2D-B16B-77AC8FDD09F9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:vw:id.charger_pro:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2DBD3C1-5775-474D-BAD0-A1775DC80326\"}]}]}],\"references\":[{\"url\":\"https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/\",\"source\":\"cve@asrg.io\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T21:18:06.963Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-5684\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-06T13:27:31.304336Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:volkswagen_group_charging_gmbh_elli_evbox:id_charger_connect_and_pro:spr3.2b:*:*:*:*:*:*:*\"], \"vendor\": \"volkswagen_group_charging_gmbh_elli_evbox\", \"product\": \"id_charger_connect_and_pro\", \"versions\": [{\"status\": \"affected\", \"version\": \"spr3.2b\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:volkswagen_group_charging_gmbh_elli_evbox:id_charger_connect_and_pro:spr3.51:*:*:*:*:*:*:*\"], \"vendor\": \"volkswagen_group_charging_gmbh_elli_evbox\", \"product\": \"id_charger_connect_and_pro\", \"versions\": [{\"status\": \"affected\", \"version\": \"spr3.51\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:volkswagen_group_charging_gmbh_elli_evbox:id_charger_connect_and_pro:spr3.52:*:*:*:*:*:*:*\"], \"vendor\": \"volkswagen_group_charging_gmbh_elli_evbox\", \"product\": \"id_charger_connect_and_pro\", \"versions\": [{\"status\": \"affected\", \"version\": \"spr3.52\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-06T13:33:13.792Z\"}}], \"cna\": {\"title\": \"ID Charger Connect \u0026 Pro - JWT-Null-Algorithm\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Anna Breeva (PCAutomotive)\"}], \"impacts\": [{\"capecId\": \"CAPEC-115\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-115 Authentication Bypass\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.3, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Volkswagen Group Charging GmbH - Elli, EVBox\", \"product\": \"ID Charger Connect \u0026 Pro\", \"versions\": [{\"status\": \"affected\", \"version\": \"SPR3.2B\"}, {\"status\": \"affected\", \"version\": \"SPR3.51\"}, {\"status\": \"affected\", \"version\": \"SPR3.52\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept \\\"none\\\"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept \\\"none\\\"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-345\", \"description\": \"CWE-345 Insufficient Verification of Data Authenticity\"}]}], \"providerMetadata\": {\"orgId\": \"c15abc07-96a9-4d11-a503-5d621bfe42ba\", \"shortName\": \"ASRG\", \"dateUpdated\": \"2024-06-06T12:54:09.480Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-5684\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T21:18:06.963Z\", \"dateReserved\": \"2024-06-06T12:47:48.760Z\", \"assignerOrgId\": \"c15abc07-96a9-4d11-a503-5d621bfe42ba\", \"datePublished\": \"2024-06-06T12:54:09.480Z\", \"assignerShortName\": \"ASRG\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…