CVE-2018-0114

Cisco node-jos < 0.11.0 - Re-sign Tokens

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header.

Una vulnerabilidad en la librería de código libre node-jose de Cisco en versiones anteriores a la 0.11.0 podría permitir que un atacante remoto no autenticado vuelva a firmar los tokens empleando una clave que está embebida en el token. Esta vulnerabilidad se debe a que node-jose sigue el estándar JSON Web Signature (JWS) para JWT (JSON Web Tokens). Este estándar especifica que una clave web JSON Web Key (JWK) que represente una clave pública se puede embeber en la cabecera de una JWS. Después se asume que la clave pública pasa por un proceso de verificación. Un atacante podría explotar esta vulnerabilidad forjando objetos JWS válidos eliminando la firma original, añadiendo una nueva clave pública a la cabecera y luego firmando el objeto utilizando la clave privada (propiedad del atacante) asociada con la clave pública embebida en esa cabecera JWS.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-11-27 CVE Reserved
2018-01-04 CVE Published
2020-08-18 First Exploit
2023-05-28 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-347: Improper Verification of Cryptographic Signature

CAPEC

References (13)

URL	Tag	Source
http://www.securityfocus.com/bid/102445	Third Party Advisory
https://github.com/cisco/node-jose/blob/master/CHANGELOG.md	Release Notes

URL	Date	SRC
https://www.exploit-db.com/exploits/44324	2024-08-05
https://github.com/zi0Black/POC-CVE-2018-0114	2024-08-05
https://github.com/j4k0m/CVE-2018-0114	2021-09-04
https://github.com/scumdestroy/CVE-2018-0114	2021-05-11
https://github.com/Eremiel/CVE-2018-0114	2021-01-03
https://github.com/adityathebe/POC-CVE-2018-0114	2021-02-21
https://github.com/Logeirs/CVE-2018-0114	2020-08-18
https://github.com/Starry-lord/CVE-2018-0114	2021-01-13
https://github.com/mmeza-developer/CVE-2018-0114	2021-11-06
https://github.com/CyberSecurityUP/CVE-2018-0114-Exploit	2022-01-29

URL	Date	SRC
https://tools.cisco.com/security/center/viewAlert.x?alertId=56326	2020-09-04

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Node-jose Search vendor "Cisco" for product "Node-jose"				< 0.11.0 Search vendor "Cisco" for product "Node-jose" and version " < 0.11.0"		-		Affected