Vulnerability in Cisco Node-Jose Library Allows Token Resigning
CVE-2018-0114

7.5HIGH

Key Information:

Vendor
Cisco
Status
Node-jose Library
Vendor
CVE Published:
4 January 2018

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 68%

Summary

The Cisco node-jose library prior to version 0.11.0 contains a vulnerability that allows an unauthenticated remote attacker to re-sign JSON Web Signature (JWS) tokens. This stems from the library's compliance with the JSON Web Signature standards, which allows a JSON Web Key (JWK) embedding within the token header. By exploiting this vulnerability, an attacker could remove the original signature, inject a different public key, and subsequently sign the object with their own private key, thereby creating forged valid JWS objects.

Affected Version(s)

Node-jose Library Node-jose Library

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

POC-CVE-2018-0114
Created by zi0Black

CVE-2018-0114
Created by j4k0m

CVE-2018-0114
Created by scumdestroy

References

https://tools.cisco.com/security/center/viewAlert.x?alert...
x_refsource_CONFIRM
https://github.com/zi0Black/POC-CVE-2018-0114
x_refsource_MISC
https://github.com/cisco/node-jose/blob/master/CHANGELOG.md
x_refsource_CONFIRM

EPSS Score

68% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.