CVE-2023-22644

Summary

A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.

Affected Software

VendorProductVersion RangeStatus
SUSEneuvector0 < 0.0.0-20231003121714-be746957ee7caffected

Weaknesses

  • CWE-1270: CWE-1270: Generation of Incorrect Security Tokens

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References