NeuVector Token Reverse Engineering Leads to Remote Code Execution
CVE-2023-32188

Currently unrated

Key Information:

Vendor

Suse
Status
Neuvector
Vendor
CVE Published:
16 October 2024

What is CVE-2023-32188?

A vulnerability in NeuVector's authentication process allows an attacker to reverse engineer the JSON Web Token (JWT) used for Manager and API access. By forging a valid NeuVector Token, the attacker can potentially gain unauthorized access to the system, enabling malicious activities, including remote code execution. Organizations using NeuVector products should remain vigilant and apply necessary security patches to mitigate the risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

neuvector 0 < 0.0.0-20231003121714-be746957ee7c

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32188
https://github.com/neuvector/neuvector/security/advisorie...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dejan Zelic at Offensive Security
JSON
.