CVE-2018-7160

Description

The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.

CVSS Metrics

• v3.1•HIGH•Score: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
• v2.0•MEDIUM•Score: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 1.50%• Percentile: 81%

Techniques & Countermeasures

• CWE-290•Authentication Bypass by Spoofing

  This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

• CWE-350•Reliance on Reverse DNS Resolution for a Security-Critical Action

  The product performs reverse DNS resolution on an IP address to obtain the hostname and make a security decision, but it does not properly ensure that the IP address is truly associated with the hostname.

Affected Systems

• nodejs•node.js

  ≥ 6.0.0, ≤ 6.8.1 | ≥ 6.9.0, < 6.14.0 | ≥ 8.0.0, ≤ 8.8.1 | ≥ 8.9.0, < 8.11.0 | ≥ 9.0.0, < 9.10.0

• the node.js project•node.js

  ^6.0.0 || ^8.0.0 || ^9.0.0

References (3)

• https://www.oracle.com//security-alerts/cpujul2021.html
• https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
• https://support.f5.com/csp/article/K63025104?utm_source=f5support&amp%3Butm_medium=RSS