FKIE_CVE-2024-5684

Vulnerability from fkie_nvd - Published: 2024-06-06 13:15 - Updated: 2024-11-21 09:48
Severity
6.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept "none"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism.
References
cve@asrg.iohttps://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/Third Party Advisory
Impacted products
Vendor Product Version
vw id.charger_connect_firmware spr3.2
vw id.charger_connect_firmware spr3.51
vw id.charger_connect_firmware spr3.52
vw id.charger_connect -
vw id.charger_pro_firmware spr3.2
vw id.charger_pro_firmware spr3.51
vw id.charger_pro_firmware spr3.52
vw id.charger_pro -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:vw:id.charger_connect_firmware:spr3.2:beta:*:*:*:*:*:*",
              "matchCriteriaId": "7EC6FAEB-299C-4B80-86DC-DCF360112634",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vw:id.charger_connect_firmware:spr3.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "38C5905C-1F7A-4747-8983-F40270C34A17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vw:id.charger_connect_firmware:spr3.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "25691151-74B1-4B0D-BFDD-AE683B5C50C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:vw:id.charger_connect:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "96237641-90A5-4382-96DF-52A7BDAC1F81",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:vw:id.charger_pro_firmware:spr3.2:beta:*:*:*:*:*:*",
              "matchCriteriaId": "1977125C-AF1C-41EF-86A1-CF4549F22EF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vw:id.charger_pro_firmware:spr3.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F73F41A-6D43-4743-A8F2-F13A2C351AAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vw:id.charger_pro_firmware:spr3.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A391298-4342-4A2D-B16B-77AC8FDD09F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:vw:id.charger_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2DBD3C1-5775-474D-BAD0-A1775DC80326",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept \"none\"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism."
    },
    {
      "lang": "es",
      "value": "Un atacante con acceso a la red privada (a la que est\u00e1 conectado el cargador) o acceso local a la interfaz Ethernet puede explotar una implementaci\u00f3n defectuosa de la librer\u00eda JWT para omitir la autenticaci\u00f3n de contrase\u00f1a en la interfaz de configuraci\u00f3n web y luego tener acceso completo como lo habr\u00eda hecho el usuario. Sin embargo, un atacante no tendr\u00e1 derechos de desarrollador ni de administrador. Si la implementaci\u00f3n de la librer\u00eda JWT est\u00e1 configurada incorrectamente para aceptar algoritmos \"ninguno\", el servidor pasar\u00e1 JWT inseguro. Un atacante local no autenticado puede aprovechar esta vulnerabilidad para eludir el mecanismo de autenticaci\u00f3n."
    }
  ],
  "id": "CVE-2024-5684",
  "lastModified": "2024-11-21T09:48:09.440",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "cve@asrg.io",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-06T13:15:32.027",
  "references": [
    {
      "source": "cve@asrg.io",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/"
    }
  ],
  "sourceIdentifier": "cve@asrg.io",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-345"
        }
      ],
      "source": "cve@asrg.io",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-345"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.