Description
Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 0.10.0, there is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server if the exploiter knows the address and username of the admin. This affects the server (netmaker) component, and not clients. This has been patched in Netmaker v0.8.5, v0.9.4, and v0.10.0. There are currently no known workarounds.
References
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Third Party Advisory
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 0.8.5 (exclusive); versions from 0.9.0 (inclusive) to 0.9.4 (exclusive)
One of
cpe:2.3:a:gravitl:netmaker:*:*:*:*:*:*:*:*
cpe:2.3:a:gravitl:netmaker:*:*:*:*:*:*:*:*
EPSS
Percentile: 69%
0.00593
Low
CVSS3: 7.2 High
CVSS3: 8.8 High
CVSS2: 9 Critical
Weaknesses
CWE-321
CWE-798
Related vulnerabilities
CVSS3: 7.2
github
almost 4 years ago
Use of Hard-coded Cryptographic Key in Netmaker