CVE-2024-5684

An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept "none"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:vw:id.charger_connect_firmware:spr3.2:beta::::::
	cpe:2.3:o:vw:id.charger_connect_firmware:spr3.51:::::::*
	cpe:2.3:o:vw:id.charger_connect_firmware:spr3.52:::::::*

cpe:2.3:h:vw:id.charger_connect:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:vw:id.charger_pro_firmware:spr3.2:beta::::::
	cpe:2.3:o:vw:id.charger_pro_firmware:spr3.51:::::::*
	cpe:2.3:o:vw:id.charger_pro_firmware:spr3.52:::::::*

cpe:2.3:h:vw:id.charger_pro:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-06-06 13:15

Updated : 2024-06-11 18:13

NVD link : CVE-2024-5684

Mitre link : CVE-2024-5684

CVE.ORG link : CVE-2024-5684

JSON object : View

Products Affected

vw

id.charger_pro
id.charger_pro_firmware
id.charger_connect
id.charger_connect_firmware

CWE

CWE-345

Insufficient Verification of Data Authenticity

{"id": "CVE-2024-5684", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cve@asrg.io", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}]}, "published": "2024-06-06T13:15:32.027", "references": [{"url": "https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/", "tags": ["Third Party Advisory"], "source": "cve@asrg.io"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-345"}]}, {"type": "Secondary", "source": "cve@asrg.io", "description": [{"lang": "en", "value": "CWE-345"}]}], "descriptions": [{"lang": "en", "value": "An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept \"none\"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism."}, {"lang": "es", "value": "Un atacante con acceso a la red privada (a la que est\u00e1 conectado el cargador) o acceso local a la interfaz Ethernet puede explotar una implementaci\u00f3n defectuosa de la librer\u00eda JWT para omitir la autenticaci\u00f3n de contrase\u00f1a en la interfaz de configuraci\u00f3n web y luego tener acceso completo como lo habr\u00eda hecho el usuario. Sin embargo, un atacante no tendr\u00e1 derechos de desarrollador ni de administrador. Si la implementaci\u00f3n de la librer\u00eda JWT est\u00e1 configurada incorrectamente para aceptar algoritmos \"ninguno\", el servidor pasar\u00e1 JWT inseguro. Un atacante local no autenticado puede aprovechar esta vulnerabilidad para eludir el mecanismo de autenticaci\u00f3n."}], "lastModified": "2024-06-11T18:13:30.163", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vw:id.charger_connect_firmware:spr3.2:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EC6FAEB-299C-4B80-86DC-DCF360112634"}, {"criteria": "cpe:2.3:o:vw:id.charger_connect_firmware:spr3.51:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38C5905C-1F7A-4747-8983-F40270C34A17"}, {"criteria": "cpe:2.3:o:vw:id.charger_connect_firmware:spr3.52:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25691151-74B1-4B0D-BFDD-AE683B5C50C1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:vw:id.charger_connect:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "96237641-90A5-4382-96DF-52A7BDAC1F81"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vw:id.charger_pro_firmware:spr3.2:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1977125C-AF1C-41EF-86A1-CF4549F22EF9"}, {"criteria": "cpe:2.3:o:vw:id.charger_pro_firmware:spr3.51:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F73F41A-6D43-4743-A8F2-F13A2C351AAE"}, {"criteria": "cpe:2.3:o:vw:id.charger_pro_firmware:spr3.52:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A391298-4342-4A2D-B16B-77AC8FDD09F9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:vw:id.charger_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E2DBD3C1-5775-474D-BAD0-A1775DC80326"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@asrg.io"}