CVE-2023-32188
CVE-2023-32188 is a critical-severity vulnerability with a CVSS 4.0 base score of 9.4. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-1270.
Key facts
- Severity: Critical (CVSS 4.0 base score 9.4)
- EPSS exploit prediction: 0% (37th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2023-2662
- Weakness: CWE-1270
- Published:
- Last modified:
Description
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.
Frequently asked questions
- What is CVE-2023-32188?
- A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.
- How severe is CVE-2023-32188?
- CVE-2023-32188 has a CVSS 4.0 base score of 9.4, rated critical severity.
- Is CVE-2023-32188 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (37th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2023-32188?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- Does CVE-2023-32188 have an EU (EUVD) identifier?
- Yes. CVE-2023-32188 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2023-2662.
- When was CVE-2023-32188 published?
- CVE-2023-32188 was published on 2024-10-16 and last updated on 2026-06-17.
References
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32188
- https://github.com/neuvector/neuvector/security/advisories/GHSA-622h-h2p8-743x
Other CWE-1270 vulnerabilities
- CVE-2023-2882 — Critical (CVSS 9.8): Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege…
- CVE-2025-59698 — Medium (CVSS 6.8): Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, might allow a physically proximate…
- CVE-2023-22644 — Medium (CVSS 5.5): A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a…
- CVE-2023-30524 — Medium (CVSS 4.3): Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration…