Nebula releases from 1.7.0 to 1.10.2 that use P256 certificates expose a flaw wherein the ECDSA signature can be modified to create a certificate copy with a different fingerprint. The blocklist mechanism relies on this fingerprint to block malicious or revoked nodes, but the malleability allows an attacker to transform a blocked certificate into an accepted one, effectively bypassing the blocklist. This bypass can lead to unauthorized connectivity and potential lateral movement within the overlay network. The weakness is tied to CWE-347, a signature malleability issue.

The vulnerability affects Slack’s Nebula overlay networking tool, specifically versions 1.7.0 through 1.10.2 when configured to use P256 certificates, which is not the default setup. Systems running these versions with P256 enabled are susceptible, while newer releases past 1.10.2 have addressed the flaw.

Based on the description, it is inferred that the attack vector requires an attacker capable of manipulating the ECDSA signature used to validate P256 certificates or controlling the process that signs certificates for the Nebula network. The likely attack vector is exposure of the certificate signing authority or exploitation of a misconfigured certificate distribution mechanism. The CVSS score of 7.6 indicates a high severity, but the EPSS score of less than 1% suggests that exploitation is unlikely at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to control the P256 certificate signing process or have the capability to alter signatures, which could arise in environments where certificate management is compromised or insecure. Once exploited, the attacker can join the Nebula network and bypass security controls tied to the blocklist, gaining full network access to peers and services that rely on Nebula for connectivity.