CVE-2017-12114

Vulnerability

An improper authorization vulnerability exists in the admin_peers API of cpp-ethereum's JSON-RPC server, specifically in commit 4e1015743b95821849d001618a7ce82c7c073768. The API fails to enforce proper access controls, allowing any JSON request to trigger functionality intended only for administrator privileges. By default, the JSON-RPC interface is bound to 0.0.0.0, exposing it to all network interfaces, and the Content-Type header is not enforced against application/json, making it susceptible to CSRF and SSRF attacks [1].

Exploitation

An attacker with network access to the cpp-ethereum JSON-RPC server can send a crafted JSON request to the admin_peers endpoint. No authentication or prior session is required. The attacker can exploit this by sending a JSON payload, either directly from a remote host or through a cross-site request forgery (CSRF) or server-side request forgery (SSRF) vector, as the server does not validate the Content-Type header [1].

Impact

Successful exploitation grants the attacker unauthorized access to the admin_peers API, which exposes node peer management functionality. The CVSSv3 score of 4.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N) indicates a low confidentiality impact with no integrity or availability impact. The attacker gains the ability to list or modify peer connections, potentially leaking network topology information [1].

Mitigation

As of the publication date (2018-01-19), no official patch has been released for this vulnerability. Users are advised to mitigate by manually binding the JSON-RPC interface to localhost (e.g., using the --json-rpc-interface option if available) and restricting network access to trusted hosts. Additionally, enforcing the Content-Type header requirement for application/json can reduce CSRF risk, though this does not address direct network exposure [1].