NeuVector Token Reverse Engineering Leads to Remote Code Execution
CVE-2023-32188
Currently unrated
Summary
A vulnerability in NeuVector's authentication process allows an attacker to reverse engineer the JSON Web Token (JWT) used for Manager and API access. By forging a valid NeuVector Token, the attacker can potentially gain unauthorized access to the system, enabling malicious activities, including remote code execution. Organizations using NeuVector products should remain vigilant and apply necessary security patches to mitigate the risk.
Affected Version(s)
neuvector: versions from 0 up to, but not including, 0.0.0-20231003121714-be746957ee7c
References
Timeline
Vulnerability published
Vulnerability reserved
Credit
Dejan Zelic at Offensive Security