CVE-2024-5684

2024-06-06 13:15:32
CWE-345
ASRG
web.nvd.nist.gov
cve-2024-5684
private network access
local exploit
insecure jwt
authentication bypass

CVSS3: 8.8

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.5
Confidence: Low

EPSS: 0.001
Percentile: 21.5%

An attacker with access to the private network the charger is connected to, or with local access to the Ethernet interface, can exploit a faulty implementation of the JWT library to bypass the password authentication of the web configuration interface and then has the same full access the user would have. However, the attacker will not have developer or admin rights. If the JWT library is wrongly configured to accept the “none” algorithm, the server will accept insecure JWTs. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism.

Affected configurations

Nvd

Node
  vw  id.charger_connect_firmware  Match  spr3.2  beta
  OR
  vw  id.charger_connect_firmware  Match  spr3.51
  OR
  vw  id.charger_connect_firmware  Match  spr3.52
  AND
  vw  id.charger_connect  Match  -

Node
  vw  id.charger_pro_firmware  Match  spr3.2  beta
  OR
  vw  id.charger_pro_firmware  Match  spr3.51
  OR
  vw  id.charger_pro_firmware  Match  spr3.52
  AND
  vw  id.charger_pro  Match  -

Vendor  Product                      Version  CPE
vw      id.charger_connect_firmware  spr3.2   cpe:2.3:o:vw:id.charger_connect_firmware:spr3.2:beta:*:*:*:*:*:*
vw      id.charger_connect_firmware  spr3.51  cpe:2.3:o:vw:id.charger_connect_firmware:spr3.51:*:*:*:*:*:*:*
vw      id.charger_connect_firmware  spr3.52  cpe:2.3:o:vw:id.charger_connect_firmware:spr3.52:*:*:*:*:*:*:*
vw      id.charger_connect           -        cpe:2.3:h:vw:id.charger_connect:-:*:*:*:*:*:*:*
vw      id.charger_pro_firmware      spr3.2   cpe:2.3:o:vw:id.charger_pro_firmware:spr3.2:beta:*:*:*:*:*:*
vw      id.charger_pro_firmware      spr3.51  cpe:2.3:o:vw:id.charger_pro_firmware:spr3.51:*:*:*:*:*:*:*
vw      id.charger_pro_firmware      spr3.52  cpe:2.3:o:vw:id.charger_pro_firmware:spr3.52:*:*:*:*:*:*:*
vw      id.charger_pro               -        cpe:2.3:h:vw:id.charger_pro:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ID Charger Connect & Pro",
    "vendor": "Volkswagen Group Charging GmbH - Elli, EVBox",
    "versions": [
      {
        "status": "affected",
        "version": "SPR3.2B"
      },
      {
        "status": "affected",
        "version": "SPR3.51"
      },
      {
        "status": "affected",
        "version": "SPR3.52"
      }
    ]
  }
]
