CVE-2018-7160

The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.

CVSS v3 8.8 HIGH
CVSS v2.0 6.8 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/	Vendor Advisory
https://support.f5.com/csp/article/K63025104?utm_source=f5support&amp%3Butm_medium=RSS
https://www.oracle.com//security-alerts/cpujul2021.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*

History

No history.

Information

Published : 2018-05-17 14:29

Updated : 2023-11-07 03:00

NVD link : CVE-2018-7160

Mitre link : CVE-2018-7160

CVE.ORG link : CVE-2018-7160

JSON object : View

Products Affected

nodejs

node.js

CWE

CWE-290

Authentication Bypass by Spoofing

CWE-350

Reliance on Reverse DNS Resolution for a Security-Critical Action

{"id": "CVE-2018-7160", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-05-17T14:29:00.827", "references": [{"url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/", "tags": ["Vendor Advisory"], "source": "cve-request@iojs.org"}, {"url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support&amp%3Butm_medium=RSS", "source": "cve-request@iojs.org"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["Third Party Advisory"], "source": "cve-request@iojs.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-290"}]}, {"type": "Secondary", "source": "cve-request@iojs.org", "description": [{"lang": "en", "value": "CWE-350"}]}], "descriptions": [{"lang": "en", "value": "The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access."}, {"lang": "es", "value": "El inspector de Node.js, en versiones 6.x y siguientes, es vulnerable a un ataque de reenlace DNS que podr\u00eda explotarse para ejecutar c\u00f3digo de forma remota. El ataque es posible desde sitios web maliciosos abiertos en un navegador web en el mismo ordenador o desde otro ordenador con acceso de red al ordenador que ejecuta el proceso Node.js. Un sitio web malicioso podr\u00eda emplear un ataque de reenlace DNS para enga\u00f1ar al navegador web para que omita las comprobaciones de pol\u00edtica del mismo origen y para permitir conexiones HTTP al host local o a hosts en la red local. Si un proceso Node.js con el puerto de depuraci\u00f3n activo se est\u00e1 ejecutando en el host local o en un host en la red local, el sitio web malicioso podr\u00eda conectarse a \u00e9l como depurador y obtener acceso total de ejecuci\u00f3n de c\u00f3digo."}], "lastModified": "2023-11-07T03:00:58.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4", "versionEndIncluding": "6.8.1", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B6855CC9-21A0-4C1B-8C27-A15FA0D7244F", "versionEndExcluding": "6.14.0", "versionStartIncluding": "6.9.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5", "versionEndIncluding": "8.8.1", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "A6E7AD1F-26AA-4CBA-9162-7DFC0B09E620", "versionEndExcluding": "8.11.0", "versionStartIncluding": "8.9.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "8FC117F5-0B41-49F5-83DF-B830DEE95404", "versionEndExcluding": "9.10.0", "versionStartIncluding": "9.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve-request@iojs.org"}