NeuVector Token Reverse Engineering Leads to Remote Code Execution

CVE-2023-32188

Currently unrated 🤨

Key Information

Vendor: Suse
Status: Neuvector
Vendor: CVE Published:; 16 October 2024

Summary

A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.

Affected Version(s)

neuvector < 0.0.0-20231003121714-be746957ee7c

Timeline

Vulnerability published.
Oct 16, 2024
Vulnerability Reserved.
May 4, 2023

Collectors

NVD DatabaseMitre Database

Credit

Dejan Zelic at Offensive Security