{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5684", "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "state": "PUBLISHED", "assignerShortName": "ASRG", "dateReserved": "2024-06-06T12:47:48.760Z", "datePublished": "2024-06-06T12:54:09.480Z", "dateUpdated": "2024-08-01T21:18:06.963Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ID Charger Connect & Pro", "vendor": "Volkswagen Group Charging GmbH - Elli, EVBox", "versions": [{"status": "affected", "version": "SPR3.2B"}, {"status": "affected", "version": "SPR3.51"}, {"status": "affected", "version": "SPR3.52"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Anna Breeva (PCAutomotive)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept \"none\"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism."}], "value": "An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept \"none\"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "shortName": "ASRG", "dateUpdated": "2024-06-06T12:54:09.480Z"}, "references": [{"url": "https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/"}], "source": {"discovery": "UNKNOWN"}, "title": "ID Charger Connect & Pro - JWT-Null-Algorithm", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "volkswagen_group_charging_gmbh_elli_evbox", "product": "id_charger_connect_and_pro", "cpes": ["cpe:2.3:a:volkswagen_group_charging_gmbh_elli_evbox:id_charger_connect_and_pro:spr3.2b:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "spr3.2b", "status": "affected"}]}, {"vendor": "volkswagen_group_charging_gmbh_elli_evbox", "product": "id_charger_connect_and_pro", "cpes": ["cpe:2.3:a:volkswagen_group_charging_gmbh_elli_evbox:id_charger_connect_and_pro:spr3.51:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "spr3.51", "status": "affected"}]}, {"vendor": "volkswagen_group_charging_gmbh_elli_evbox", "product": "id_charger_connect_and_pro", "cpes": ["cpe:2.3:a:volkswagen_group_charging_gmbh_elli_evbox:id_charger_connect_and_pro:spr3.52:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "spr3.52", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-06T13:27:31.304336Z", "id": "CVE-2024-5684", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T13:40:30.790Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:06.963Z"}, "title": "CVE Program Container", "references": [{"url": "https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:06.963Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5684", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-06T13:27:31.304336Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:volkswagen_group_charging_gmbh_elli_evbox:id_charger_connect_and_pro:spr3.2b:*:*:*:*:*:*:*"], "vendor": "volkswagen_group_charging_gmbh_elli_evbox", "product": "id_charger_connect_and_pro", "versions": [{"status": "affected", "version": "spr3.2b"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:volkswagen_group_charging_gmbh_elli_evbox:id_charger_connect_and_pro:spr3.51:*:*:*:*:*:*:*"], "vendor": "volkswagen_group_charging_gmbh_elli_evbox", "product": "id_charger_connect_and_pro", "versions": [{"status": "affected", "version": "spr3.51"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:volkswagen_group_charging_gmbh_elli_evbox:id_charger_connect_and_pro:spr3.52:*:*:*:*:*:*:*"], "vendor": "volkswagen_group_charging_gmbh_elli_evbox", "product": "id_charger_connect_and_pro", "versions": [{"status": "affected", "version": "spr3.52"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T13:33:13.792Z"}}], "cna": {"title": "ID Charger Connect & Pro - JWT-Null-Algorithm", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Anna Breeva (PCAutomotive)"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Volkswagen Group Charging GmbH - Elli, EVBox", "product": "ID Charger Connect & Pro", "versions": [{"status": "affected", "version": "SPR3.2B"}, {"status": "affected", "version": "SPR3.51"}, {"status": "affected", "version": "SPR3.52"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept \"none\"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism.", "supportingMedia": [{"type": "text/html", "value": "An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept \"none\"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity"}]}], "providerMetadata": {"orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "shortName": "ASRG", "dateUpdated": "2024-06-06T12:54:09.480Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5684", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:18:06.963Z", "dateReserved": "2024-06-06T12:47:48.760Z", "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "datePublished": "2024-06-06T12:54:09.480Z", "assignerShortName": "ASRG"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:vw:id.charger_connect_firmware:spr3.2:beta:*:*:*:*:*:*", "matchCriteriaId": "7EC6FAEB-299C-4B80-86DC-DCF360112634", "vulnerable": true}, {"criteria": "cpe:2.3:o:vw:id.charger_connect_firmware:spr3.51:*:*:*:*:*:*:*", "matchCriteriaId": "38C5905C-1F7A-4747-8983-F40270C34A17", "vulnerable": true}, {"criteria": "cpe:2.3:o:vw:id.charger_connect_firmware:spr3.52:*:*:*:*:*:*:*", "matchCriteriaId": "25691151-74B1-4B0D-BFDD-AE683B5C50C1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:vw:id.charger_connect:-:*:*:*:*:*:*:*", "matchCriteriaId": "96237641-90A5-4382-96DF-52A7BDAC1F81", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:vw:id.charger_pro_firmware:spr3.2:beta:*:*:*:*:*:*", "matchCriteriaId": "1977125C-AF1C-41EF-86A1-CF4549F22EF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:vw:id.charger_pro_firmware:spr3.51:*:*:*:*:*:*:*", "matchCriteriaId": "2F73F41A-6D43-4743-A8F2-F13A2C351AAE", "vulnerable": true}, {"criteria": "cpe:2.3:o:vw:id.charger_pro_firmware:spr3.52:*:*:*:*:*:*:*", "matchCriteriaId": "2A391298-4342-4A2D-B16B-77AC8FDD09F9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:vw:id.charger_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2DBD3C1-5775-474D-BAD0-A1775DC80326", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would have. However, an attacker will not have developer or admin rights. If the implementation of the JWT-library is wrongly configured to accept \"none\"-algorithms, the server will pass insecure JWT. A local, unauthenticated attacker can exploit this vulnerability to bypass the authentication mechanism."}, {"lang": "es", "value": "Un atacante con acceso a la red privada (a la que est\u00e1 conectado el cargador) o acceso local a la interfaz Ethernet puede explotar una implementaci\u00f3n defectuosa de la librer\u00eda JWT para omitir la autenticaci\u00f3n de contrase\u00f1a en la interfaz de configuraci\u00f3n web y luego tener acceso completo como lo habr\u00eda hecho el usuario. Sin embargo, un atacante no tendr\u00e1 derechos de desarrollador ni de administrador. Si la implementaci\u00f3n de la librer\u00eda JWT est\u00e1 configurada incorrectamente para aceptar algoritmos \"ninguno\", el servidor pasar\u00e1 JWT inseguro. Un atacante local no autenticado puede aprovechar esta vulnerabilidad para eludir el mecanismo de autenticaci\u00f3n."}], "id": "CVE-2024-5684", "lastModified": "2024-11-21T09:48:09.440", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cve@asrg.io", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-06T13:15:32.027", "references": [{"source": "cve@asrg.io", "tags": ["Third Party Advisory"], "url": "https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://asrg.io/security-advisories/vulnerability-in-id-charger-connect-and-pro-from-volkswagen-group-charging-gmbh-elli-evbox-versions-spr3-2b-spr3-51-and-spr3-52/"}], "sourceIdentifier": "cve@asrg.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "cve@asrg.io", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-345"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}